Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed (June…
Category: Help Net Security
DataDome Device Check blocks bots from the first request
DataDome announced it is taking its bot protection offerings to a whole new level by enabling a new challenge response for customers, called Device Check. This invisible challenge works behind the scenes, validating device-specific signals with proofs of work –…
Censys unveils two new product tiers to help researchers enhance their threat hunting work
Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams. These additions are part of a series of strategic initiatives to enhance the security community, including the introduction of Threat Hunting Boot Camps,…
Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their…
Recruiters, beware of cybercrooks posing as job applicants!
Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets…
Calamu expands support for a wide array of enterprise applications
Calamu announced expanded support for enterprise applications through interoperability of a Calamu Data Harbor with the industry recognized S3-API protocol in the latest release of their flagship product, Calamu Protect Version 2.0. This data security technology integrates seamlessly into existing…
“Pool Party” process injection techniques evade EDRs
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according…
BT collaborates with Netskope to minimize the risk of cyber threats
BT and Netskope announced a partnership to bring Netskope’s Security Service Edge (SSE) capabilities to BT’s global customers. The partnership follows a number of large customer implementations where the two companies have already collaborated to successfully meet the security and…
Many popular websites still cling to password creation policies from 1985
A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method to assess…
Nemesis: Open-source offensive data enrichment and analytic pipeline
Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements). Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers…