cybersecurity

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that […]

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Enhancing adversary simulations: Learn the business to attack the business

Enhancing adversary simulations: Learn the business to attack the business 2024-02-07 at 07:01 By Mirko Zorz In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks

Enhancing adversary simulations: Learn the business to attack the business Read More »

Demystifying SOC-as-a-Service (SOCaaS)

Demystifying SOC-as-a-Service (SOCaaS) 2024-02-07 at 06:31 By Help Net Security Threat actors aren’t looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors’ job easy. It also underscores the urgency for proactive

Demystifying SOC-as-a-Service (SOCaaS) Read More »

Cybersecurity teams hesitate to use automation in TDIR workflows

Cybersecurity teams hesitate to use automation in TDIR workflows 2024-02-07 at 06:01 By Help Net Security Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year, according to Exabeam. North America experienced the highest rate of security incidents (66%),

Cybersecurity teams hesitate to use automation in TDIR workflows Read More »

ResumeLooters target job search sites in extensive data heist

ResumeLooters target job search sites in extensive data heist 2024-02-06 at 12:47 By Help Net Security Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2023 through SQL injection and XSS

ResumeLooters target job search sites in extensive data heist Read More »

How CISOs navigate policies and access across enterprises

How CISOs navigate policies and access across enterprises 2024-02-06 at 08:01 By Mirko Zorz In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise. He also highlights the significance of security validations, especially internal

How CISOs navigate policies and access across enterprises Read More »

3 ways to achieve crypto agility in a post-quantum world

3 ways to achieve crypto agility in a post-quantum world 2024-02-06 at 07:31 By Help Net Security Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certificate authorities, encryption standards

3 ways to achieve crypto agility in a post-quantum world Read More »

10 must-read cybersecurity books for 2024

10 must-read cybersecurity books for 2024 2024-02-06 at 07:01 By Help Net Security Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and knowledge, ensuring you stay ahead in your career learning journey throughout the year. Cyber for Builders: The

10 must-read cybersecurity books for 2024 Read More »

Latio Application Security Tester: Use AI to scan your code

Latio Application Security Tester: Use AI to scan your code 2024-02-05 at 08:02 By Mirko Zorz Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans James Berthoty, the creator of Latio Application Security Tester, told

Latio Application Security Tester: Use AI to scan your code Read More »

Researchers discover exposed API secrets, impacting major tech tokens

Researchers discover exposed API secrets, impacting major tech tokens 2024-02-05 at 07:33 By Help Net Security Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include

Researchers discover exposed API secrets, impacting major tech tokens Read More »

How cybersecurity strategies adapt to evolving threats

How cybersecurity strategies adapt to evolving threats 2024-02-05 at 06:31 By Help Net Security Cybersecurity strategies are essential components of modern organizations, designed to protect digital assets, sensitive information, and overall business continuity from potential cyber threats. As technology advances, the complexity and frequency of cyber attacks continue to grow, making it imperative for businesses

How cybersecurity strategies adapt to evolving threats Read More »

Migrating to the cloud: An overview of process and strategy

Migrating to the cloud: An overview of process and strategy 2024-02-05 at 06:01 By Help Net Security Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their

Migrating to the cloud: An overview of process and strategy Read More »

NIS2 Directive raises stakes for security leaders

NIS2 Directive raises stakes for security leaders 2024-02-02 at 08:01 By Mirko Zorz In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to standardize cybersecurity practices across sectors. NIS2 mandates minimal cybersecurity requirements for member companies, encompassing policies on

NIS2 Directive raises stakes for security leaders Read More »

DDoS attack power skyrockets to 1.6 Tbps

DDoS attack power skyrockets to 1.6 Tbps 2024-02-02 at 07:31 By Help Net Security DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of

DDoS attack power skyrockets to 1.6 Tbps Read More »

Crowdsourced security is not just for tech companies anymore

Crowdsourced security is not just for tech companies anymore 2024-02-02 at 07:01 By Help Net Security There is a misconception that only software and technology companies leverage crowdsourced security. However, data contradicts this belief. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd. The government industry sector saw the fastest growth

Crowdsourced security is not just for tech companies anymore Read More »

EU adopts first cybersecurity certification scheme for safer tech

EU adopts first cybersecurity certification scheme for safer tech 2024-02-02 at 06:33 By Help Net Security The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria (EUCC). The outcome aligns with the candidate cybersecurity certification scheme on EUCC that ENISA drafted in response to a request issued by the

EU adopts first cybersecurity certification scheme for safer tech Read More »

Malicious logins from suspicious infrastructure fuel identity-based incidents

Malicious logins from suspicious infrastructure fuel identity-based incidents 2024-02-02 at 06:01 By Help Net Security 69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC,

Malicious logins from suspicious infrastructure fuel identity-based incidents Read More »

Custom rules in security tools can be a game changer for vulnerability detection

Custom rules in security tools can be a game changer for vulnerability detection 2024-02-01 at 07:32 By Mirko Zorz In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach,

Custom rules in security tools can be a game changer for vulnerability detection Read More »

CVEMap: Open-source tool to query, browse and search CVEs

CVEMap: Open-source tool to query, browse and search CVEs 2024-02-01 at 07:01 By Mirko Zorz CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although CVEs are crucial for pinpointing and discussing security

CVEMap: Open-source tool to query, browse and search CVEs Read More »

Unpacking the challenges of AI cybersecurity

Unpacking the challenges of AI cybersecurity 2024-02-01 at 06:31 By Help Net Security As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. In this Help Net Security video, Tyler Young, CISO at BigID, explores AI’s challenges, triumphs, and future in cybersecurity. The post

Unpacking the challenges of AI cybersecurity Read More »

Scroll to Top