Blog

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. “The issue results from the lack of proper […]

Versa Networks has released a set of enhancements to VersaAI that includes new embedded generative AI capabilities to identify malicious behaviors in real time, secure generative AI tools, and enhance network and security operational excellence. These capabilities are powered by a shared set of AI/ML engines natively integrated into the Versa Unified SASE platform and […]

Jeff Burlew reports: The 2nd Judicial Circuit announced Monday that law enforcement is investigating a data breach involving Gadsden County court records. In a news release, the circuit said that initial assessments show some of the records contained “personal identifying information.” Officials said the breach only affected Gadsden County records. Read more at Tallahassee Democrat, […]

A database listed for sale on a popular hacking forum may raise some political questions for El Salvadorans. On August 16, a listing offered 114GB of files with facial photos and 5.1 million records with El Salvadorans’ “full name, dui, date of birth, address, telephone, email and hd photo of the face.” DataBreaches was contacted […]

Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques. Osmedeus Osmedeus is a workflow engine for […]

In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent. The number of APIs is increasing year on year as more organizations are building APIs to facilitate automation. As […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 ( Read More 

As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and potential security blind spots. In this Help Net Security interview, Kennedy Torkura, CTO […]

As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur. Traditionally, the common approach towards organizational security has always been to operate physical and cybersecurity systems as separate (though tangentially related) pursuits, siloing […]

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to […]