Google fixes yet another Chrome zero-day exploited in the wild
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.

Authelia: Open-source authentication and authorization server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal.

Fail2Ban: Ban hosts that cause multiple authentication errors
Fail2Ban is an open-source tool that monitors log files, such as /var/log/auth.

Strategies for transitioning to a SASE architecture
In this Help Net Security interview, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them.

Strategies for combating AI-enhanced BEC attacks
In this Help Net Security interview, Robert Haist, CISO at TeamViewer, discusses how AI is being leveraged by cybercriminals to enhance the effectiveness of BEC scams.

Grafana: Open-source data visualization platform
Grafana is an open-source solution for querying, visualizing, alerting, and exploring metrics, logs, and traces regardless of where they are stored.

Compromised courtroom recording software was served from vendor's official site
Courtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer's site since at least April 2, a threat researcher warned last month.

GitHub fixes maximum severity Enterprise Server auth bypass bug
A critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.

HHS pledges $50M for autonomous vulnerability management solution for hospitals
As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health has announced the Universal PatchinG and Remediation for Autonomous DEfense program aimed at developing a vulnerability management platform for healthcare IT teams.

Veeam fixes auth bypass flaw in Backup Enterprise Manager
Veeam has patched four vulnerabilities in Backup Enterprise Manager, one of which may allow attackers to bypass authentication and log in to its web interface as any user.

Critical Fluent Bit flaw affects major cloud platforms, tech companies' offerings
Tenable researchers have discovered a critical vulnerability in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution.

PoC exploit for Ivanti EPMM privilege escalation flaw released
Technical details about and a proof-of-concept exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, have been released by the vulnerability's reporter.

CISOs pursuing AI readiness should start by updating the org's email security policy
Over the past few years, traditional phishing messages - with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts - have been on the decline. Easily detected by most of today's standard email security tools, this prototypical form of phishing may soon be a thing of the past.

2024 sees continued increase in ransomware activity
In this Help Net Security video, Ryan Bell, Threat Intelligence Manager at Corvus Insurance, discusses how ransomware will continue to grow in 2024.

Consumers continue to overestimate their ability to spot deepfakes
The Jumio 2024 Online Identity Study reveals significant consumer concerns about the risks posed by generative AI and deepfakes, including the potential for increased cybercrime and identity fraud.

SEC requires financial institutions to notify customers of breaches within 30 days
The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions.

Technological complexity drives new wave of identity risks
Security leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne.

Product showcase: Alert - Data breach detector for your email, credit card, and ID
With Alert, you can easily monitor your most important credentials, such as your email, credit card, and ID. Alert will instantly notify you if they appear in breached online databases.

New infosec products of the week: May 24, 2024
Here's a look at the most interesting products from the past week, featuring releases from CyberArk, OneTrust, PlexTrac, and Strike Graph.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 26 May 2024 19:13:08 +0000