Don't miss - Security Ticks

Using AI and automation to manage human cyber risk

Artificial Intelligence, automation, CultureAI, cybersecurity, Don't miss, Hot stuff, human error, Risk Management, strategy, Video / SecurityTicks

Using AI and automation to manage human cyber risk 07/12/2023 at 08:02 By Help Net Security Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee […]

React to this headline:

Using AI and automation to manage human cyber risk Read More »

Atlassian fixes four critical RCE vulnerabilities, patch quickly!

Atlassian, Atlassian Confluence, BitBucket, Don't miss, Hot stuff, Jira Software, News, security update, vulnerability / SecurityTicks

Atlassian fixes four critical RCE vulnerabilities, patch quickly! 06/12/2023 at 18:01 By Helga Labus Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can

React to this headline:

Atlassian fixes four critical RCE vulnerabilities, patch quickly! Read More »

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Adobe ColdFusion, CISA, Don't miss, exploit, Government, Hot stuff, News, vulnerability / SecurityTicks

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) 06/12/2023 at 17:46 By Helga Labus Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data

React to this headline:

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) Read More »

Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM

Apiiro, cybersecurity, Don't miss, News, Product showcase, software / SecurityTicks

Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM 06/12/2023 at 17:02 By Help Net Security With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed tools and ad hoc processes

React to this headline:

Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM Read More »

Microsoft will offer extended security updates for Windows 10

consumer, Don't miss, end of support, enterprise, Hot stuff, News, security update, Windows / SecurityTicks

Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay

React to this headline:

Microsoft will offer extended security updates for Windows 10 Read More »

21 high-risk vulnerabilities in OT/IoT routers found

Don't miss, Forescout, Hot stuff, Internet of Things, News, open source, Sierra Wireless, software, vulnerability / SecurityTicks

21 high-risk vulnerabilities in OT/IoT routers found 06/12/2023 at 12:53 By Help Net Security Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra

React to this headline:

21 high-risk vulnerabilities in OT/IoT routers found Read More »

Three security data predictions for 2024

Comcast, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, GRC, Hot stuff, News, opinion, PCI DSS, regulation, SIEM / SecurityTicks

Three security data predictions for 2024 06/12/2023 at 08:32 By Help Net Security How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber

React to this headline:

Three security data predictions for 2024 Read More »

5 open-source tools for pentesting Kubernetes you should check out

Don't miss, GitHub, Hot stuff, Kubernetes, News, open source, penetration testing, software / SecurityTicks

5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments

React to this headline:

5 open-source tools for pentesting Kubernetes you should check out Read More »

Why zero-trust segmentation is critical for cloud resilience

Cloud, cybersecurity, data, Don't miss, Hot stuff, Illumio, strategy, Video, zero trust / SecurityTicks

Why zero-trust segmentation is critical for cloud resilience 06/12/2023 at 07:31 By Help Net Security Nearly all organizations rely on the cloud to store sensitive data and run critical systems. But for many, cloud security hasn’t kept up. 93% agree that zero-trust segmentation is essential to their cloud security strategy. In this Help Net Security

React to this headline:

Why zero-trust segmentation is critical for cloud resilience Read More »

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing / SecurityTicks

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:

React to this headline:

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability / SecurityTicks

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

SessionProbe: Open-source multi-threaded pentesting tool

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software / SecurityTicks

SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and

React to this headline:

SessionProbe: Open-source multi-threaded pentesting tool Read More »

How AI is revolutionizing “shift left” testing in API security

API security, Application Security, Artificial Intelligence, Cequence Security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion / SecurityTicks

How AI is revolutionizing “shift left” testing in API security 05/12/2023 at 08:33 By Help Net Security Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for

React to this headline:

How AI is revolutionizing “shift left” testing in API security Read More »

Advanced ransomware campaigns expose need for AI-powered cyber defense

Artificial Intelligence, attacks, cybersecurity, Deep Instinct, Don't miss, Features, Hot stuff, machine learning, News, opinion, Ransomware, skill development, SOC / SecurityTicks

Advanced ransomware campaigns expose need for AI-powered cyber defense 05/12/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and

React to this headline:

Advanced ransomware campaigns expose need for AI-powered cyber defense Read More »

Exploring the impact of generative AI in the 2024 presidential election

cybersecurity, Don't miss, Fortra, generative AI, Hot stuff, social engineering, social media, Video / SecurityTicks

Exploring the impact of generative AI in the 2024 presidential election 05/12/2023 at 07:32 By Help Net Security 2024 is a presidential election year in the US. 2016 and 2020 both saw impressive increases in attempts to influence voters through crafty propaganda and social media campaigns run by bots and expert social engineers, along with

React to this headline:

Exploring the impact of generative AI in the 2024 presidential election Read More »

eBook: Defending the Infostealer Threat

Don't miss, Enzoic, News, Whitepapers and webinars / SecurityTicks

eBook: Defending the Infostealer Threat 05/12/2023 at 06:48 By Help Net Security Enterprises’ increasing digital reliance has fueled an array of cybersecurity threats. One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data. Unlike ransomware, where information is held hostage, infostealer attacks happen covertly, and the growth

React to this headline:

eBook: Defending the Infostealer Threat Read More »

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

Check Point, CISA, critical infrastructure, Don't miss, Hot stuff, Israel, NCSC, News, PLC, USA / SecurityTicks

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities 04/12/2023 at 16:48 By Helga Labus Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series

React to this headline:

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities Read More »

Booking.com customers targeted in hotel booking scam

account hijacking, Don't miss, hospitality industry, Hot stuff, Malware, News, Perception Point, scams, SecureWorks, social engineering / SecurityTicks

Booking.com customers targeted in hotel booking scam 04/12/2023 at 13:31 By Helga Labus Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to be from

React to this headline:

Booking.com customers targeted in hotel booking scam Read More »

Put guardrails around AI use to protect your org, but be open to changes

Artificial Intelligence, ChatGPT, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, NS1, opinion, regulation / SecurityTicks

Put guardrails around AI use to protect your org, but be open to changes 04/12/2023 at 08:31 By Help Net Security Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating

React to this headline:

Put guardrails around AI use to protect your org, but be open to changes Read More »

The AI readiness race and where global companies stand

Artificial Intelligence, Cisco, cybersecurity, Don't miss, Hot stuff, strategy, Video / SecurityTicks

The AI readiness race and where global companies stand 04/12/2023 at 08:01 By Help Net Security According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a

React to this headline:

The AI readiness race and where global companies stand Read More »

Don’t miss