Here's a summary of the most interesting news, articles, interviews and videos from the past week.
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is encouraging customers to implement the patch.
May 2024 Patch Tuesday Prediction: A reminder of recent threats and impacts
The April Patch thunderstorms have passed and things are much milder until May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft.
Current Cyber Security Jobs: May 8, 2024
We research the market and bring you a selection of roles across a range of skill levels in the cybersecurity field. Check out our weekly list of cybersecurity jobs available now.
Zscaler denies material breach claims
On Wednesday, a threat actor named “IntelBroker” offered “access to one of the largest cybersecurity companies” for sale, immediately sparking speculation about which company it might be.
Details of the MITRE breach reveal attackers' successes and failures
MITRE shared the timeline of its recent breach, confirming that it began on December 31, 2023, earlier than previously thought.
How to prepare for the CISSP exam: Tips from industry leaders
In this article, CISSP-certified cybersecurity leaders provide practical tips and strategies to help candidates address the extensive learning requirements and effectively manage their CISSP exam preparation time.
Strategies to prevent AI abuse in cybersecurity
In this Help Net Security interview, Pukar Hamal, CEO of SecurityPal, talks about integrating AI tools in cybersecurity.
Pktstat: Open Source Ethernet Interface Traffic Monitor
Pktstat is an open source tool that provides an easy alternative to ncurses-based Pktstat.
Google fixes Chrome zero-day due to undisclosed exploit (CVE-2024-4671)
Google has fixed a zero-day vulnerability (CVE-2024-4671) in Chrome for which an exploit exists in the wild.
F5 fixes BIG-IP Next Central Manager flaws with public PoC (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5's BIG-IP Next Central Manager.
CISA launches CVE “vulnrichment” program
The U.S. Cybersecurity and Infrastructure Agency (CISA) announced the creation of a new project, Vulnrichment, aimed at filling the CVE enrichment gap created by the recent stalling of the NIST National Vulnerability Database.
Attackers may be using TunnelVision to snoop on users' VPN traffic (CVE-2024-3661)
Researchers have uncovered a new attack technique called TunnelVision and uniquely identified as CVE-2024-3661. This technique can be used by an attacker on the same local network to intercept and snoop on a VPN user's traffic.
Identity of LockBit leader uncovered: US accuses Russian national
According to law enforcement agencies in the United Kingdom, United States, and Australia, Russian national Dmitry Khoroshev, known as LockBitSupp, is the creator, developer, and administrator of the notorious LockBit ransomware group.
Ransomware business profitability is declining
As the number of real (and fake) victims of ransomware gangs continues to grow, the number of ransomware payments is decreasing, and the average ransom payment amount is also decreasing.
BlackBasta claims Synlab attack, leaks some stolen documents
The BlackBasta ransomware/cyber extortion gang is behind the recent cyber attack that led to the temporary suspension of operations at Synlab Italia.
How secure is “password protection” for files and drives?
People in certain professions such as medicine, law, and business often rely on password protection when sending files via email, believing that it provides sufficient security against prying eyes. However, simple password protection for PDF or Excel files is not as foolproof as you might think.
Why SMBs face significant security and business risks
In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how small business leaders are investing more time, attention, and budget into cybersecurity, and how the human factor is getting in the way.
Cybercrime statistics you can't ignore
This article presents excerpts from various reports that provide statistics and insights on the current cybercrime landscape.
Regulators target IoT device security
IoT devices are built on insecure software. Most open source software and the chips used to build devices are insufficiently secure.
Complexity of third-party risk management
In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer at Prevalent, shares five interesting findings from a recent industry study on third-party risk management and discusses what he thinks they mean for cybersecurity professionals and their organizations' TPRM programs.
Organizations move forward with AI adoption despite security risks
According to Immuta, AI adoption rates remain very high, with 54% of data professionals saying their organizations are already leveraging at least four AI systems or applications.
6 tips for effectively implementing security gamification
Who doesn't know that the median CISO tenure in the industry is extremely short? That's why the best CISOs are those who are always looking for ways to strengthen their teams.
Strategic benefits of targeted threat intelligence
In this Help Net Security video, Gabi Reish, Chief Business Development and Product Officer at Cybersixgill, explains the role of threat intelligence in any company's security stack.
Privacy requests increased by 246% in two years
Data Subject Requests (DSRs) – formal requests that individuals make to businesses to access, delete, or not sell/share their personal data – increased by 32% from 2022 to 2023, according to DataGrail's 2024 Privacy Trends Report.
97% of organizations affected by ransomware report it to law enforcement
Sophos has announced additional findings from its annual State of Ransomware 2024 study. According to the report, 97% of organizations surveyed that were hit by ransomware in the past year asked law enforcement or public government agencies to assist with the attack.
Three CIS resources to help you advance your cloud cybersecurity journey
The cloud migration process requires a security-first cloud migration strategy that proactively considers both security and compliance requirements. This article describes how to create such an approach using resources from the Center for Internet Security (CIS).
Only 45% of organizations use MFA to protect against fraud
According to Ping Identity, most businesses struggle with identity verification and are concerned about their ability to protect against AI.
Photo: RSA Conference 2024
RSA Conference 2024 will be held at the Moscone Center in San Francisco. Help Net Security will be onsite to take you inside the event in this gallery.
eBook: Focus on CISSP Fundamentals
From technical tools to help manage access controls to non-technical skills like collaboration, learn the fundamentals you need in cybersecurity and how CISSP can guide you through the knowledge and skills you need to succeed.
New Information Security Products of the Week: May 10, 2024
Here are the most interesting products of the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix.