Onapsis researchers revealed a critical security configuration vulnerability that results from default installations in SAP systems which, if left insecure, could lead to a full system compromise in unprotected environments. If exploited, the impact could be full control of the system by hackers, putting business-critical ERP, HR, PII, Finance, and Supply Chain data and processes at risk. Most SAP systems are vulnerable. The vulnerability, mainly driven by a security configuration originally documented by SAP in … More →
The post Most SAP systems vulnerable to critical security configuration risk appeared first on Help Net Security.
Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement the update can implement standalone patches, but before doing so they have to apply the fix from SA-CORE-2018-002 … More →
The post New Drupal RCE vulnerability under active exploitation, patch ASAP! appeared first on Help Net Security.
In this podcast recorded at RSA Conference 2018, John Delk, Chief Product Officer and the General Manager of the security product group at Micro Focus, talks about how Micro Focus’ solutions comprise an enterprise-grade security platform with built-in scalability and analytics to drive the future of security. Here’s a transcript of the podcast for your convenience. Hi, I’m John Delk, I’m the Chief Product Officer and the General Manager of the security product group here … More →
The post Tackle cyber threats in real time with the Micro Focus enterprise security platform appeared first on Help Net Security.
Google is slowly rolling out a number of changes for consumer Gmail users and G Suite users. Some of the changes improve usability and productivity, while others are meant to maximize data and user protection. Some of the new security options should help enterprise users meet GDPR compliance needs. New Gmail security features. Gmail confidential mode will allow users to: set expiration dates for emails or revoke previously sent messages; secure access to the contents … More →
Endpoint security solutions are failing to provide adequate protections to address today’s security threats, specifically malware, according to Minerva Labs. A majority of the respondents surveyed indicated a heightened concern of a major malware breach in the coming year and acknowledged that they require more than an AV solution on the endpoint to combat the rising threat. After a year of massive ransomware outbreaks, NSA state-grade exploit leaks, and an extraordinary number of cybersecurity meltdowns, … More →
The post Can existing endpoint security controls prevent a significant attack? appeared first on Help Net Security.
According to OWASP, “Insecure software is undermining our financial, healthcare, defense, energy and other critical infrastructure.” In its 2017 OWASP Top 10 Most Critical Web Application Security Risks, the authors argue that as software becomes increasingly complex, and connected, the difficulty of achieving application security increases exponentially. The rapid pace of modern software development processes makes the most common risks essential to discover and resolve quickly and accurately. Incapsula, a web application firewall (WAF) provider, … More →
The post Better code won’t save developers in the short run appeared first on Help Net Security.
Global business value derived from artificial intelligence (AI) is projected to total $1.2 trillion in 2018, an increase of 70 percent from 2017, according to Gartner. AI-derived business value is forecast to reach $3.9 trillion in 2022. The Gartner AI-derived business value forecast assesses the total business value of AI across all the enterprise vertical sectors covered by Gartner. There are three different sources of AI business value: customer experience, new revenue, and cost reduction. … More →
The post Global AI business value to reach $1.2 trillion in 2018 appeared first on Help Net Security.
Unknown attackers have managed to steal approximately $150,000 in Ethereum from a number of MyEtherWallet (MEW) users, after having successfully redirected them to a phishing site posing as MyEtherWallet.com. The redirection was seamless, and the only thing that gave some indication that the phishing site is not what it pretended to be was the warning shown to visitors saying that the TLS certificate used by the site was signed by an unknown authority (i.e., was … More →
The post MyEtherWallet users robbed after successful DNS hijacking attack appeared first on Help Net Security.
Researchers at Check Point and CyberInt have discovered a new generation of phishing kit that is readily available on the Dark Web. [Figure: A posting on the Dark Net that advertises the [A]pache phishing kit] Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor … More →