access control

Compliance management strategies for protecting data in complex regulatory environments

Compliance management strategies for protecting data in complex regulatory environments 2024-09-26 at 07:02 By Mirko Zorz In this Help Net Security interview, Andrius Buinovskis, Head of Product at NordLayer, discusses how organizations can assess their compliance management and ensure they meet regulatory requirements. Buinovskis also addresses the challenges of managing multiple frameworks and offers strategies […]

Compliance management strategies for protecting data in complex regulatory environments Read More »

Apple releases iOS 18, with security and privacy improvements

Apple releases iOS 18, with security and privacy improvements 2024-09-17 at 15:46 By Zeljka Zorz Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS 18 brings several changes for improving users’ security and privacy. A standalone Passwords app

Apple releases iOS 18, with security and privacy improvements Read More »

How AI and zero trust are transforming resilience strategies

How AI and zero trust are transforming resilience strategies 2024-09-11 at 07:01 By Mirko Zorz In this Help Net Security interview, John Hernandez, President and General Manager at Quest Software, shares practical advice for enhancing cybersecurity resilience against advanced threats. He underscores the need to focus on on-premises and cloud environments, adapt to new regulations,

How AI and zero trust are transforming resilience strategies Read More »

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) 2024-08-26 at 21:32 By Zeljka Zorz SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall SonicOS

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) Read More »

Organizations fail to log 44% of cyber attacks, major exposure gaps remain

Organizations fail to log 44% of cyber attacks, major exposure gaps remain 2024-08-02 at 07:31 By Help Net Security 40% of tested environments allowed attack paths that lead to domain admin access, according to Picus Security. Achieving domain admin access is particularly concerning because it is the highest level of access within an organization’s IT

Organizations fail to log 44% of cyber attacks, major exposure gaps remain Read More »

How CISOs enable ITDR approach through the principle of least privilege

How CISOs enable ITDR approach through the principle of least privilege 2024-07-25 at 07:31 By Help Net Security Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than

How CISOs enable ITDR approach through the principle of least privilege Read More »

The CISO’s approach to AI: Balancing transformation with trust

The CISO’s approach to AI: Balancing transformation with trust 2024-07-23 at 07:31 By Help Net Security As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers.

The CISO’s approach to AI: Balancing transformation with trust Read More »

Overlooked essentials: API security best practices

Overlooked essentials: API security best practices 2024-07-17 at 07:31 By Mirko Zorz In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access control (RBAC) and

Overlooked essentials: API security best practices Read More »

Risk related to non-human identities: Believe the hype, reject the FUD

Risk related to non-human identities: Believe the hype, reject the FUD 2024-07-15 at 08:01 By Help Net Security The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of

Risk related to non-human identities: Believe the hype, reject the FUD Read More »

Maximizing productivity with Copilot for Microsoft 365: A security perspective

Maximizing productivity with Copilot for Microsoft 365: A security perspective 2024-06-13 at 06:31 By Help Net Security In this Help Net Security video, Brian Vecci, Field CTO at Varonis, talks about maximizing the potential of Microsoft Copilot for 365. He highlights its productivity benefits and addresses critical security challenges, providing actionable steps to ensure safe

Maximizing productivity with Copilot for Microsoft 365: A security perspective Read More »

The importance of access controls in incident response

The importance of access controls in incident response 2024-05-17 at 12:31 By Help Net Security The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your development and operations teams are blocked from solving the

The importance of access controls in incident response Read More »

Who owns customer identity?

Who owns customer identity? 2024-04-18 at 07:31 By Help Net Security When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience,

Who owns customer identity? Read More »

AI set to enhance cybersecurity roles, not replace them

AI set to enhance cybersecurity roles, not replace them 2024-04-16 at 07:02 By Mirko Zorz In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. AI is seen as empowering rather than replacing

AI set to enhance cybersecurity roles, not replace them Read More »

Strengthening critical infrastructure cybersecurity is a balancing act

Strengthening critical infrastructure cybersecurity is a balancing act 2024-03-26 at 07:31 By Mirko Zorz In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’ unique

Strengthening critical infrastructure cybersecurity is a balancing act Read More »

AI and the future of corporate security

AI and the future of corporate security 2024-03-15 at 06:30 By Help Net Security In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities. The post AI

AI and the future of corporate security Read More »

How advances in AI are impacting business cybersecurity

How advances in AI are impacting business cybersecurity 2024-03-12 at 07:52 By Help Net Security While ChatGPT and Bard have proven to be valuable tools for developers, marketers, and consumers, they also carry the risk of unintentionally exposing sensitive and confidential data. From a security point of view, it always pays to think one step

How advances in AI are impacting business cybersecurity Read More »

How threat actors abuse OAuth apps

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

How threat actors abuse OAuth apps Read More »

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity 2024-01-29 at 07:32 By Mirko Zorz In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will cover a range of essential aspects, from the importance of continuous adaptation in cybersecurity strategies to practical advice

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity Read More »

3 ways to combat rising OAuth SaaS attacks

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

3 ways to combat rising OAuth SaaS attacks Read More »

Preventing insider access from leaking to malicious actors

Preventing insider access from leaking to malicious actors 2024-01-15 at 07:32 By Help Net Security In this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity – the offboarding process. He outlines the real-world implications and potential impact on an organization’s security posture if off-boarding isn’t handled thoroughly. The

Preventing insider access from leaking to malicious actors Read More »

Scroll to Top