Don't miss - Security Ticks

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software / SecurityTicks

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover 2024-07-17 at 07:01 By Mirko Zorz SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely […]

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover Read More »

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

APT, Check Point, CVE, Don't miss, Hot stuff, Internet Explorer, News, spear-phishing, Trend Micro, Windows / SecurityTicks

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks 2024-07-16 at 16:46 By Zeljka Zorz The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks Read More »

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts

account hijacking, Don't miss, Facebook, Hot stuff, LinkedIn, malvertising, Malware, News, Trustwave / SecurityTicks

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts 2024-07-16 at 13:16 By Zeljka Zorz Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts Read More »

ChatGPTriage: How can CISOs see and control employees’ AI use?

Artificial Intelligence, ChatGPT, CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, WitnessAI / SecurityTicks

ChatGPTriage: How can CISOs see and control employees’ AI use? 2024-07-16 at 08:01 By Help Net Security It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s

ChatGPTriage: How can CISOs see and control employees’ AI use? Read More »

Managing exam pressure: Tips for certification preparation

Artificial Intelligence, certification, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, Udemy / SecurityTicks

Managing exam pressure: Tips for certification preparation 2024-07-16 at 07:32 By Mirko Zorz In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in certification preparation and shares strategies for maintaining motivation

Managing exam pressure: Tips for certification preparation Read More »

Firmware update hides Bluetooth fingerprints

Bluetooth, cybersecurity, Don't miss, hardware, News / SecurityTicks

Firmware update hides Bluetooth fingerprints 2024-07-16 at 07:03 By Help Net Security A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. Bluetooth signals from mobile devices pose privacy risks The

Firmware update hides Bluetooth fingerprints Read More »

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)

Censys, CVE, Don't miss, email security, Exim, Hot stuff, Malware, News, vulnerability / SecurityTicks

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) 2024-07-15 at 14:20 By Zeljka Zorz The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulnerability stems from a bug in RFC 2231

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) Read More »

Risk related to non-human identities: Believe the hype, reject the FUD

access control, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, Sweet Security / SecurityTicks

Risk related to non-human identities: Believe the hype, reject the FUD 2024-07-15 at 08:01 By Help Net Security The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of

Realm: Open-source adversary emulation framework

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, red team, software / SecurityTicks

Realm: Open-source adversary emulation framework 2024-07-15 at 07:32 By Mirko Zorz Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code,

Realm: Open-source adversary emulation framework Read More »

Discover the growing threats to data security

Artificial Intelligence, Bedrock Security, cybersecurity, data management, data security, Don't miss, Features, Hot stuff, News, opinion, regulation, strategy / SecurityTicks

Discover the growing threats to data security 2024-07-15 at 07:01 By Mirko Zorz In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain the shortest

Discover the growing threats to data security Read More »

Encrypted traffic: A double-edged sword for network defenders

Don't miss, Encryption, Hot stuff, network, Privacy, Stamus Networks, Video / SecurityTicks

Encrypted traffic: A double-edged sword for network defenders 2024-07-15 at 06:31 By Help Net Security Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of

Encrypted traffic: A double-edged sword for network defenders Read More »

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers

account protection, AT&T, attacks, cloud security, cybercrime, data breach, Don't miss, Hot stuff, News, Privacy, Snowflake / SecurityTicks

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers 2024-07-12 at 15:31 By Zeljka Zorz Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the content

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Read More »

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach

account protection, cloud security, data breach, Don't miss, enterprise, Hot stuff, MFA, News, Snowflake / SecurityTicks

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach 2024-07-12 at 14:46 By Zeljka Zorz Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach Read More »

How to design a third-party risk management framework

Beaconer, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, Incident Response, News, opinion, Risk Management, security controls / SecurityTicks

How to design a third-party risk management framework 2024-07-12 at 07:31 By Help Net Security Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain

How to design a third-party risk management framework Read More »

Managing cyberattack fallout: Financial and operational damage

access management, Aspida, cyberattacks, cybersecurity, Data Protection, digital transformation, disaster recovery, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Risk Management, strategy / SecurityTicks

Managing cyberattack fallout: Financial and operational damage 2024-07-12 at 07:01 By Mirko Zorz In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and partners. Can

Managing cyberattack fallout: Financial and operational damage Read More »

Using Authy? Beware of impending phishing attempts

2FA, API security, authentication, CCC, cloud security, Data leak, Don't miss, Hot stuff, MFA, News, phishing, Twilio / SecurityTicks

Using Authy? Beware of impending phishing attempts 2024-07-11 at 15:46 By Zeljka Zorz Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops the

Using Authy? Beware of impending phishing attempts Read More »

How AI helps decode cybercriminal strategies

Artificial Intelligence, cybercriminals, cybersecurity, dark web, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Searchlight Cyber, threat, Threat Intelligence / SecurityTicks

How AI helps decode cybercriminal strategies 2024-07-11 at 07:32 By Help Net Security With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benefits is in full swing,

How AI helps decode cybercriminal strategies Read More »

Strengthening cybersecurity preparedness with defense in depth

Compliance, cybersecurity, Don't miss, Features, framework, Gigamon, Hot stuff, News, opinion, security controls, zero trust / SecurityTicks

Strengthening cybersecurity preparedness with defense in depth 2024-07-11 at 07:01 By Mirko Zorz In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures that businesses

Strengthening cybersecurity preparedness with defense in depth Read More »

Travel scams exposed: How to recognize and avoid them

cybersecurity, Don't miss, Expel, Hot stuff, how-to, News, scams, tips, travel industry, Video / SecurityTicks

Travel scams exposed: How to recognize and avoid them 2024-07-11 at 06:31 By Help Net Security In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails

Travel scams exposed: How to recognize and avoid them Read More »

Valuable insights for making the right cybersecurity decisions

CISO, cybersecurity, Don't miss, Fortinet, Hack The Box, Hot stuff, Netskope, News, Proofpoint, report, survey, Trellix / SecurityTicks

Valuable insights for making the right cybersecurity decisions 2024-07-11 at 06:01 By Help Net Security This article compiles excerpts from various reports, presenting statistics and insights that could be helpful for CISOs. CISOs becoming more comfortable with risk levels Netskope | The Modern CISO: Bringing Balance | June 2024 Contradicting legacy stereotypes of the CISO

Valuable insights for making the right cybersecurity decisions Read More »

Don’t miss