Security News

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from...

One of the web's biggest cybersecurity training resources, The Complete 2024 Cyber Security Developer & IT Skills Bundle, is now just $59.97. If your business is in need of some cybersecurity help, why not learn cybersecurity skills yourself? The Complete 2024 Cyber Security Developer & IT Skills Bundle is one of the most comprehensive resources you'll find anywhere on the web to work toward earning a host of leading cybersecurity certifications, and it's on sale for $59.97 through March 17.

This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry, these guides provide insights into cybersecurity best practices, strategies to combat threats, and advice for using online services safely.

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...

In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing for over five decades, involve abstracting programmers from memory management tasks. Modern languages like Java, Rust, Python, and JavaScript alleviate these concerns by handling memory management on behalf of the programmer, thereby allowing a focus on code quality without the risks associated with low-level memory management.

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing...

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to July 2023, the average number of BEC weekly attacks was 0.53 per 1,000 mailboxes.

97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. 88% of organizations say the complexity of their technology stack has increased in the past 12 months, and 51% say it will continue to increase.

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.