Collaborate Disseminate
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-202… Continue reading Researchers reveal exploitable flaws in corporate VPN clients
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product l… Continue reading Black Friday shoppers targeted with thousands of fraudulent online stores
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chai… Continue reading RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. Motivations for this type of fr… Continue reading How to recognize employment fraud before it becomes a security issue
In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decade… Continue reading Practical strategies to build an inclusive culture in cybersecurity
In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-perf… Continue reading Domain security posture of Forbes Global 2000 companies
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s e… Continue reading Faraway Russian hackers breached US organization via Wi-Fi
Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We … Continue reading Microsoft asks Windows Insiders to try out the controversial Recall feature
As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of … Continue reading AI Kuru, cybersecurity and quantum computing
In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by st… Continue reading Overcoming legal and organizational challenges in ethical hacking