Collaborate Disseminate
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play fram… Continue reading Google patches actively exploited Android vulnerability (CVE-2024-43093)
The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized … Continue reading Open-source software: A first attempt at organization after CRA
In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond bas… Continue reading Maximizing security visibility on a budget
Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-… Continue reading Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlig… Continue reading Hiring guide: Key skills for cybersecurity researchers
Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly manag… Continue reading Whispr: Open-source multi-vault secret injection tool
In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Busines… Continue reading Cybersecurity in crisis: Are we ready for what’s coming?
In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how op… Continue reading How open-source MDM solutions simplify cross-platform device management
In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, … Continue reading Google on scaling differential privacy across nearly three billion devices
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (So… Continue reading Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups