The cybersecurity gender gap: How diverse teams improve threat response

In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecur… Continue reading The cybersecurity gender gap: How diverse teams improve threat response

Osmedeus: Open-source workflow engine for offensive security

Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed… Continue reading Osmedeus: Open-source workflow engine for offensive security

Beware of phishing emails delivering backdoored Linux VMs!

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they … Continue reading Beware of phishing emails delivering backdoored Linux VMs!

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play fram… Continue reading Google patches actively exploited Android vulnerability (CVE-2024-43093)

Open-source software: A first attempt at organization after CRA

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized … Continue reading Open-source software: A first attempt at organization after CRA

Maximizing security visibility on a budget

In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond bas… Continue reading Maximizing security visibility on a budget

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-… Continue reading Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Hiring guide: Key skills for cybersecurity researchers

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlig… Continue reading Hiring guide: Key skills for cybersecurity researchers

Whispr: Open-source multi-vault secret injection tool

Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly manag… Continue reading Whispr: Open-source multi-vault secret injection tool