Collaborate Disseminate
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is faili… Continue reading CISA starts CVE “vulnrichment” program
Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience nee… Continue reading Regulators are coming for IoT device security
In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing more time, attention, and budget in cybersecurity. According to LastPass, thes… Continue reading Why SMBs are facing significant security, business risks
In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for Internet Secur… Continue reading 3 CIS resources to help you drive your cloud cybersecurity
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. ̶… Continue reading Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: Sophos, NetSPI, IT-Harvest, Cisco, GitGuardian, Delinea, Splunk, Entrust, a… Continue reading Photos: RSA Conference 2024
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN ap… Continue reading MITRE breach details reveal attackers’ successes and failures
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services p… Continue reading Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings from a recent industry study on third-party risk management and what he thinks they mean for cybersecur… Continue reading The complexities of third-party risk management
Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. The US Justice Deparment has unsealed charges … Continue reading LockBit leader unmasked: US charges Russian national