Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?

If a user has already logged in, and then the site sets a non HttpOnly cookie, then it seems possible to trick the user into doing something that would lead to the cookie being stolen.
If the cookie expires after one minute, it seems like …

Enterprises increasingly block AI transactions over security concerns

Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging it to defend against the new AI-driven threat landscape, according to Zscaler…

Mom receiving texts with some private info daughter has not sent [closed]

I have received three texts from my daughter’s phone number – she is on an iPhone 14, I am on a Google Pixel 4. The first two texts came in on my car Android Auto – a week apart, but within minutes of the same time of day…and copies of t…

Strengthening critical infrastructure cybersecurity is a balancing act

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against …

Key MITRE ATT&CK techniques used by cyber attackers

While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent, with some notable exceptions. The report tracked MITRE ATT&…

The most concerning risks for 2024 and beyond

In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective.

Email security trends in the energy and infrastructure sector

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data…

Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT

76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. Enterprises report significant losses from mobile fraud. 61% of enterprises still su…

State-sponsored hackers know enterprise VPN appliances inside out

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hun…