Help Net Security - Daily information security news with a focus on enterprise security.

SANS ISC

Attackers are attempting to exploit critical F5 BIG-IP RCE

May 9, 2022

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …

Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)

April 15, 2022

Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy …

Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

December 15, 2021

Due to the extraordinarily widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

December 13, 2021

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Phishers tricking users via fake LinkedIn Private Shared Document

February 18, 2021

Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security …

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

October 29, 2020

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Attackers are probing Citrix controllers and gateways through recently patched flaws

July 10, 2020

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins …

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

July 8, 2020

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence …

Better cybersecurity hinges on understanding actual risks and addressing the right problems

July 7, 2020

SANS Technology Institute’s Internet Storm Center (ISC) has been a valuable warning service and source of critical cyber threat information to internet users, …

Kwampirs threat actor continues to breach transnational healthcare orgs

March 31, 2020

The Kwampirs (aka Orangeworm) attack group continues to target global healthcare entities in this time of crisis, the FBI has warned. “Targeted entities range from major …

First patches for the Citrix ADC, Gateway RCE flaw released

January 21, 2020

As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to …

© Copyright 1998-2022 by Help Net Security