CISO-approved strategies for software supply chain security

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim Mackey, Head of Software Supply Chain Risk Strategy at Synopsys, discusses supply chain security […]

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers Phil Hay and Rodel Mendrez. “The initial emails are sent from compromised Microsoft 365 accounts […]

New Buhti ransomware uses leaked payloads and public exploits

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems.

Use of public exploits

One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities (e.g., the recently patched PaperCut and IBM Aspera […]

Strengthening travel safety protocols with ISO 31030

In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been the primary concern for travel professionals over the past three years. However, the focus is […]

Phishing campaign targets ChatGPT users

A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers.

The attack

ChatGPT has quickly gained popularity and is used widely by individuals and organizations. That’s enough of a reason for cybercriminals to impersonate the brand. The initial […]

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned.

About CVE-2023-2868

CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 – 9.2.0.006. “The vulnerability arises out of a failure to comprehensively sanitize the processing of […]

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals

The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats extend not only to IT networks but also to operational technology (OT) and cyber-physical systems, which can directly influence crucial physical […]

How smart bots are infecting and exploiting the internet

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading to potential consequences such as compromised accounts, stolen data, spam, increased infrastructure and support expenses, customer […]

IT employee piggybacked on cyberattack for personal gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England.

IT employee blackmailing his own company

The man was employed as an IT Security Analyst when, […]