Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS…
Category: Help Net Security
Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” Microsoft threat researchers noted. About…
The rise and evolution of supply chain attacks
A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses…
Serial cybersecurity founders get back in the game
“I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a…
How should SMBs navigate the phishing minefield?
In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization’s operations and long-term success. What makes phishing attacks particularly challenging…
Privacy concerns cast a shadow on AI’s potential for software development
Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to the GitLab Global…
Latest fraud schemes targeting the payments ecosystem
Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns,…
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws: 5…
Sentra enhances data classification engine with LLMs to tackle data complexity and AI security
Sentra has unveiled that large language models (LLMs) are now included in its data classification engine, enabling enterprises to accurately identify and understand sensitive unstructured data such as employee contracts, source code and user generated content. With LLMs now built…
Kingston launches IronKey D500S, a hardware-encrypted USB flash drive
Kingston Digital has launched the Kingston IronKey D500S, a hardware-encrypted USB flash drive that provides military-grade security for classified data in transit. D500S is FIPS 140-3 Level 3 (Pending) certified with new enhancements from NIST requiring secure microprocessor upgrades for…