Combining identity and security strategies to mitigate risks
Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining …
Microsoft patches three exploited zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)
The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws …
Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529)
Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in …
Malware that can do anything and everything is on the rise
“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls – is on …
Steps CISA should take in 2023
Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I …
Get hired in cybersecurity: Expert tips for job seekers
The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity …
Actionable intelligence is the key to better security outcomes
Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their …
Vulnerabilities open Korenix JetWave industrial networking devices to attack
Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use …
DHL, MetaMask phishing emails target Namecheap customers
A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal …
Can we predict cyber attacks? Bfore.AI says they can
Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks …
Cybercriminals exploit fear and urgency to trick consumers
Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to …
Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this …
Featured news
Resources
Don't miss
- Black Friday 2025 cybersecurity deals to explore
- Quantum encryption is pushing satellite hardware to its limits
- cnspec: Open-source, cloud-native security and policy project
- The privacy tension driving the medical data shift nobody wants to talk about
- Salesforce Gainsight compromise: Early findings and customer guidance