vulnerability
Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
Tor2Mine cryptominer has evolved: Just patching and cleaning the system won’t help
Sophos released new findings on the Tor2Mine cryptominer, that show how the miner evades detection, spreads automatically through a target network and is increasingly harder …
The importance of vulnerability management for your organization
Everyone is familiar with home burglaries. Criminals case a house looking for easy access through open windows, unlocked doors, open garages, and the like. Hackers take the …
API security awareness: The first step to better assessing the risk
In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle numerous threats that are plaguing it. …
Despite the popularity of password managers, many still use pen and paper
Password managers are a near-defacto standard for organizations, with 86% reporting they are being put to use, according to a Bitwarden survey of over 400 U.S. IT decision …
Control failures are behind a growing number of cybersecurity incidents
Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success …
150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
Over 150 HP multifunction printers (MFPs) are open to attack via two exposed physical access port vulnerabilities (CVE-2021-39237) and two different font parsing …
How to combat ransomware with visibility
In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Ethical hackers and the economics of security research
Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in …
Lack of API visibility undermines basic principle of security
One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack …
Featured news
Resources
Don't miss
- Building a healthcare cybersecurity strategy that works
- AI-generated images have a problem of credibility, not creativity
- The five-minute guide to OT cyber resilience
- Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
- Apple offers $2 million for zero-click exploit chains