Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

News

password
Whitepaper: Why Microsoft’s password protection is not enough

Microsoft’s Azure AD Password Protection, now rebranded as Microsoft Entra ID helps users create a password policy they hope will protect their systems from account takeover …

Spoutible
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the …

ResumeLooters
ResumeLooters target job search sites in extensive data heist

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed …

Mastodon
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)

Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have …

Marco Eggerling
How CISOs navigate policies and access across enterprises

In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and …

crypto
3 ways to achieve crypto agility in a post-quantum world

Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability …

cybersecurity books
10 must-read cybersecurity books for 2024

Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and …

cyber resilience
Paying ransoms is becoming a cost of doing business for many

Today’s pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their ‘do not pay’ policies, with data recovery deficiencies compounding the …

video, conference call
Deepfaked video conference call makes employee send $25 million to scammers

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has …

AnyDesk
AnyDesk has been hacked, users urged to change passwords

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their …

Latio Application Security Tester
Latio Application Security Tester: Use AI to scan your code

Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans …

API
Researchers discover exposed API secrets, impacting major tech tokens

Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to …

Featured news

Resources

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools