Advanced ransomware campaigns expose need for AI-powered cyber defenseIn this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning, for prevention rather than just detection and response.
SessionProbe: Open-source multi-threaded pentesting toolSessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications.
Microsoft will offer extended security updates for Windows 10Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates, but will have to pay for them.
Researchers automated jailbreaking of LLMs with other LLMsAI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models in an automated fashion.
Short-term AWS access tokens allow attackers to linger for a longer whileAttackers usually gain access to an organization's cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories.
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAPThe Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution.
Booking.com customers targeted in hotel booking scamScammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information.
CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilitiesIran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers, US and Israeli authorities have said in a joint cybersecurity advisory.
Russian hackers use old Outlook vulnerability to target Polish orgsRussian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned.
CISA: Adobe ColdFusion flaw leveraged to access government serversUnknown attackers have leveraged a critical vulnerability in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency has shared.
The AI readiness race and where global companies standIn this Help Net Security video, Dave Lewis, Advisory CISO at Cisco, helps companies understand their level of readiness.
OpenTofu: Open-source alternative to TerraformOpenTofu is an open-source alternative to Terraform's widely used Infrastructure as Code provisioning tool.
Exploring the impact of generative AI in the 2024 presidential electionIn this Help Net Security video, Ryan Maltzen, Cybersecurity Architect at Fortra, discusses how, in past elections, this was more largely a manual process than we should expect with the rise of generative AI and other tools that seem well-positioned to have impacts in this space.
21 high-risk vulnerabilities in OT/IoT routers foundForescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements.
Why zero-trust segmentation is critical for cloud resilienceIn this Help Net Security video, John Kindervag, zero trust creator and Chief Evangelist at Illumio, discusses how organizations need modern security approaches that offer them real-time visibility and containment by default to mitigate risk and optimize opportunities afforded by the cloud.
2024 brings changes in data security strategies2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors, according to Metomic.
Ransomware in 2024: Anticipated impact, targets, and landscape shiftGovernment pressure will force some ransomware groups to disband or law enforcement will catch principal bad actors, but affiliates can attack themselves other groups.
Using AI and automation to manage human cyber riskIn this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors and reduce security incidents.
One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data.
New infosec products of the week: December 8, 2023Here's a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 10 Dec 2023 09:28:04 +0000