Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft Teams
Black Basta operators phish employees via Microsoft Teams

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft …

EU
EU adopts Cyber Resilience Act to secure connected products

The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA …

SolarWinds Web Help Desk
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …

FBI
FBI forced Flax Typhoon to abandon its botnet

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …

Foundation Software
Hackers breaching construction firms via specialized accounting software

Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. …

Zyxel
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …

CISO
vCISO services thrive, but challenges persist

While 75% of service providers report high customer demand for vCISO functionality, a new Cynomi report reveals that only 21% are actively offering it—opening a window onto a …

Zyxel
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …

SolarWinds
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …

SolarWinds
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While …

smb threats
78% of SMBs fear cyberattacks could shut down their business

94% of SMBs have experienced at least one cyberattack, a dramatic rise from 64% in 2019, according to ConnectWise. This increase in cyberattacks is exacerbated by the fact …

human risk
Why SMBs are facing significant security, business risks

In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing …

Don't miss

Cybersecurity news