Don't miss - Security Ticks

How to withstand the onslaught of cybersecurity threats

automation, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, hybrid workforce, IT assets, News, opinion, shadow IT, strategy, threats / SecurityTicks

How to withstand the onslaught of cybersecurity threats 10/11/2023 at 08:31 By Help Net Security “We brought a shovel to fight an avalanche.” That’s the sentiment shared by many business leaders, especially CISOs, CIOs and IT leaders as they face the current cybersecurity threat landscape. Like an avalanche, it’s constantly shifting and changing, moving quickly […]

React to this headline:

How to withstand the onslaught of cybersecurity threats Read More »

Rethinking cyber risk: The case against spreadsheets

cybersecurity, data, Don't miss, Forescout, Hot stuff, risk assessment, Risk Management, tracking, Video / SecurityTicks

Rethinking cyber risk: The case against spreadsheets 10/11/2023 at 08:02 By Help Net Security In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to “toss the spreadsheet” regarding their traditional methods of tracking data for cyber risk assessments. She addresses

React to this headline:

Rethinking cyber risk: The case against spreadsheets Read More »

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation / SecurityTicks

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of

React to this headline:

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

0-day, Don't miss, exploit, extortion, Hot stuff, ITSM, Microsoft, News, Ransomware, security update, SysAid, web shell / SecurityTicks

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) 09/11/2023 at 18:01 By Helga Labus A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s

React to this headline:

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) Read More »

Open-source vulnerability disclosure: Exploitable weak spots

Aqua Security, cybercriminals, Don't miss, Hot stuff, News, open source, research, vulnerability disclosure / SecurityTicks

Open-source vulnerability disclosure: Exploitable weak spots 09/11/2023 at 15:17 By Zeljka Zorz Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known

React to this headline:

Open-source vulnerability disclosure: Exploitable weak spots Read More »

Security in the impending age of quantum computers

attacks, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Government, Hot stuff, News, NIST, NSA, opinion, public-key cryptography, Quantinuum, quantum computing, standards, strategy / SecurityTicks

Security in the impending age of quantum computers 09/11/2023 at 09:02 By Help Net Security Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing

React to this headline:

Security in the impending age of quantum computers Read More »

Unpacking the challenges of anti-money laundering obligations

Compliance, cybersecurity, Don't miss, Hot stuff, money, Ripjar, Risk Management, Video / SecurityTicks

Unpacking the challenges of anti-money laundering obligations 09/11/2023 at 08:32 By Help Net Security When managing anti-money laundering (AML) obligations, many challenger banks turn to basic or unproven in-house risk management solutions. Although these solutions can, in some ways, be innovative, they are often built quickly and lack thorough testing, leading to potential vulnerabilities. In

React to this headline:

Unpacking the challenges of anti-money laundering obligations Read More »

Microsoft Authenticator suppresses suspicious MFA notifications

account hijacking, Don't miss, Hot stuff, MFA, Microsoft, News, social engineering / SecurityTicks

Microsoft Authenticator suppresses suspicious MFA notifications 08/11/2023 at 17:46 By Helga Labus Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected accounts, threat actors repeatedly try to gain access

React to this headline:

Microsoft Authenticator suppresses suspicious MFA notifications Read More »

Sumo Logic discloses potential breach via compromised AWS credential

AWS, credentials, data breach, Don't miss, Hot stuff, News, Sumo Logic / SecurityTicks

Sumo Logic discloses potential breach via compromised AWS credential 08/11/2023 at 14:49 By Helga Labus Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday. The Sumo Logic incident “On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security

React to this headline:

Sumo Logic discloses potential breach via compromised AWS credential Read More »

Marina Bay Sands breach exposed data of 665,000 customers

Asia, data breach, Don't miss, hospitality industry, News, Singapore / SecurityTicks

Marina Bay Sands breach exposed data of 665,000 customers 08/11/2023 at 12:31 By Helga Labus Singapore-based luxury resort and casino Marina Bay Sands has suffered a data breach that exposed data of 665,000 non-casino rewards program members. The Marina Bay Sands data breach “Marina Bay Sands became aware of a data security incident on 20

React to this headline:

Marina Bay Sands breach exposed data of 665,000 customers Read More »

The 3 key stages of ransomware attacks and useful indicators of compromise

attacks, cybersecurity, data, DNS, Don't miss, Email, Encryption, Expert analysis, Expert corner, Gurucul, hacker, Hot stuff, network, News, opinion, phishing, Ransomware, servers, SOC / SecurityTicks

The 3 key stages of ransomware attacks and useful indicators of compromise 08/11/2023 at 09:02 By Help Net Security For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages. In this article, we

React to this headline:

The 3 key stages of ransomware attacks and useful indicators of compromise Read More »

Aqua Trivy open-source security scanner now finds Kubernetes security risks

Aqua Security, cybersecurity, Don't miss, GitHub, Kubernetes, News, scanning, software / SecurityTicks

Aqua Trivy open-source security scanner now finds Kubernetes security risks 08/11/2023 at 08:31 By Mirko Zorz The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk. “Aqua

React to this headline:

Aqua Trivy open-source security scanner now finds Kubernetes security risks Read More »

AI-assisted coding and its impact on developers

Artificial Intelligence, code, cybersecurity, Don't miss, Hot stuff, Pluralsight, resilience, skill development, software development, Video / SecurityTicks

AI-assisted coding and its impact on developers 08/11/2023 at 08:02 By Help Net Security The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of AI-assisted

React to this headline:

AI-assisted coding and its impact on developers Read More »

Uphold Linux systems’ performance and availability in Azure

Center for Internet Security, Don't miss, News / SecurityTicks

Uphold Linux systems’ performance and availability in Azure 08/11/2023 at 07:01 By Help Net Security Cloud computing carries many benefits for your business… as long as you can ensure the performance and availability of your cloud environments. Let’s take the following three cloud computing benefits as examples. Rapidly scale cloud services: In the absence of

React to this headline:

Uphold Linux systems’ performance and availability in Azure Read More »

Microsoft introduces new access policies in Entra to boost MFA usage

access management, Don't miss, enterprise, Hot stuff, identity protection, MFA, Microsoft, Microsoft Entra ID, News, policy / SecurityTicks

Microsoft introduces new access policies in Entra to boost MFA usage 07/11/2023 at 18:17 By Helga Labus As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts. Microsoft Entra Conditional

React to this headline:

Microsoft introduces new access policies in Entra to boost MFA usage Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability / SecurityTicks

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Looney Tunables bug exploited for cryptojacking Read More »

7 free cyber threat maps showing attack intensity and frequency

Arbor Networks, Bitdefender, Check Point, cybersecurity, Don't miss, Fortinet, Hot stuff, Netscout, News, Radware, Spamhaus / SecurityTicks

7 free cyber threat maps showing attack intensity and frequency 07/11/2023 at 09:03 By Help Net Security Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happen. This

React to this headline:

7 free cyber threat maps showing attack intensity and frequency Read More »

How AI is transforming consumer privacy expectations

Artificial Intelligence, Cisco, cybersecurity, data, Don't miss, Hot stuff, Privacy, Video / SecurityTicks

How AI is transforming consumer privacy expectations 07/11/2023 at 08:01 By Help Net Security Consumers are concerned about their privacy with AI. Cisco discovered that 60% had lost trust in organizations due to their AI use. In this Help Net Security video, Robert Waitman, Director of Cisco’s Privacy Center of Excellence, discusses consumers’ perceptions and

React to this headline:

How AI is transforming consumer privacy expectations Read More »

eBook: Keeping Active Directory out of hackers’ cross-hairs

Don't miss, Enzoic, News, Whitepapers and webinars / SecurityTicks

eBook: Keeping Active Directory out of hackers’ cross-hairs 07/11/2023 at 06:46 By Help Net Security Active Directory is a prime target for threat actors, and companies must act now to eliminate it as a threat vector permanently. Read the e-book to review: Active Directory (AD) and what it provides Threats and how to keep hackers

React to this headline:

eBook: Keeping Active Directory out of hackers’ cross-hairs Read More »

Okta breach post mortem reveals weaknesses exploited by attackers

1Password, account hijacking, BeyondTrust, Cloudflare, Don't miss, Hot stuff, Incident Response, News, Okta / SecurityTicks

Okta breach post mortem reveals weaknesses exploited by attackers 06/11/2023 at 17:18 By Zeljka Zorz The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified that an employee

React to this headline:

Okta breach post mortem reveals weaknesses exploited by attackers Read More »

Don’t miss