Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)

It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by attackers to deliver a variety of malware.... Read more »

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) deployments, the US National Security Agency has... Read more »

Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)

A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet is aware of an instance where this vulnerability... Read more »

Analyzing Australia’s cyberthreat landscape, and what it means for the rest of the world

Australia has been the victim of damaging cyberattacks in the latter half of this year, with high-profile incidents impacting businesses across critical sectors such as telecoms, healthcare, and government.... Read more »

Cybersecurity predictions for 2023: Diversity is key

In this Help Net Security video, John Xereas, Executive Director, Technology Solutions at Raytheon Intelligence & Space, offers his cybersecurity predictions for 2023. Specifically, he talks about the need... Read more »

24% of technology applications contain high-risk security flaws

With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.... Read more »

Privacy concerns are limiting data usage abilities

Access to data is significantly limited by data privacy and protection regulations, according to a survey conducted by Bloor Research. The report reveals that 60% of the data leaders... Read more »

eBook: 4 ways to secure passwords, avoid corporate account takeover

Enterprising cybercriminals don’t have to work very hard to gain access to your network and all the valuable information stored inside it. That’s because employee accounts are so easy... Read more »

Palo Alto Networks Xpanse Active ASM evaluates cyber risks

Palo Alto Networks has introduced a new Cortex capability: Xpanse Active Attack Surface Management, or Xpanse Active ASM. This helps security teams not just find but also fix their... Read more »

Veracode acquires Crashtest Security to improve web application security

Veracode has acquired Crashtest Security to enhance the existing DAST capabilities available as part of Veracode’s Continuous Software Security Platform and broaden customer access globally. Web applications are fast... Read more »
Subscribe to our Newsletter