Blog

A Chief Information Security Officer (CISO) plays a crucial role in protecting an organization’s digital assets. They are responsible for ensuring the security of sensitive information, defending against cyber threats, and maintaining data integrity. Their work involves creating security strategies, collaborating with stakeholders, and addressing vulnerabilities. In this Help Net Security round-up, we present segments […]

To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Cybercriminals are already using AI in email attacks The threat of email attacks generated by AI is growing year over year […]

In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to improve threat detection and streamline incident response. The interview also delves into the talent […]

There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the benefit of the community. This playbook is not always perfect, but it strikes a reasonable compromise […]

The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus […]

Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. A safety check for Chrome extensions The Safety check scan can be run from Chrome’s Settings (under “Privacy and security”). Starting in Chrome 117, which is […]

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it’s not immediately clear how many of […]

L.A. Clark reports: Singing River Health System officials have detected unusual activity within their network, indicating a potential cyberattack. “We are working diligently with third-party specialists to investigate the source of this disruption and to confirm its impact on our systems as soon as possible. We have also engaged with the appropriate law enforcement authorities,” says […]

RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip, UUE, ISO, BZIP2, Z and 7-Zip). CVE-2023-40477 is a remote code execution vulnerability that could […]

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for […]