Cozy Bear targets EU diplomats with wine-tasting invites (again)
APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. …
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal …
When companies merge, so do their cyber threats
For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that …
Strategic AI readiness for cybersecurity: From hype to reality
AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious …
Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques
MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive …
The future of authentication: Why passwordless is the way forward
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex …
Browser extensions make nearly every employee a potential attack vector
Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT, according to LayerX. Most extensions have …
Hertz data breach: Customers in US, EU, UK, Australia and Canada affected
American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach …
Critical flaws fixed in Nagios Log Server
The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The …
Why shorter SSL/TLS certificate lifespans matter
Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve …
Cybercriminal groups embrace corporate structures to scale, sustain operations
In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale …
94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix …