Don't miss - Security Ticks

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability / SecurityTicks

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS […]

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

IT’s rising role in physical security technology

cloud adoption, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Motorola Solutions, opinion, physical security, policy, surveillance / SecurityTicks

IT’s rising role in physical security technology 22/08/2023 at 07:34 By Help Net Security As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur. Traditionally, the common approach towards organizational security has always

IT’s rising role in physical security technology Read More »

Maintaining consistent security in diverse cloud infrastructures

CISO, Cloud, cloud computing, cloud security, cyber resilience, cybersecurity, DevOps, Don't miss, Features, Hot stuff, misconfiguration, Mitigant, monitoring, News, opinion, training / SecurityTicks

Maintaining consistent security in diverse cloud infrastructures 22/08/2023 at 07:01 By Mirko Zorz As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and

Maintaining consistent security in diverse cloud infrastructures Read More »

Understanding how attackers exploit APIs is more important than ever

API security, cybersecurity, Don't miss, Hot stuff, how-to, Intruder, programming, strategy, tips, Video / SecurityTicks

Understanding how attackers exploit APIs is more important than ever 22/08/2023 at 06:32 By Help Net Security In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent. The number

Understanding how attackers exploit APIs is more important than ever Read More »

8 open-source OSINT tools you should try

Don't miss, Features, GitHub, Hot stuff, News, open source, OSINT, OWASP, penetration testing, reconnaissance, Shodan, software / SecurityTicks

8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

8 open-source OSINT tools you should try Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR / SecurityTicks

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Chrome will tell users when extensions they use are removed from Chrome Web Store

browser, Chrome, Chrome Web Store, Don't miss, extension, Google, Hot stuff, News / SecurityTicks

Chrome will tell users when extensions they use are removed from Chrome Web Store 21/08/2023 at 13:33 By Helga Labus Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. A safety check for Chrome extensions

Chrome will tell users when extensions they use are removed from Chrome Web Store Read More »

How EU lawmakers can make mandatory vulnerability disclosure responsible

cybersecurity, Don't miss, ENISA, EU, European Commission, Expert analysis, Expert corner, Government, HackerOne, Hot stuff, legislation, opinion, vulnerability disclosure / SecurityTicks

How EU lawmakers can make mandatory vulnerability disclosure responsible 21/08/2023 at 07:33 By Help Net Security There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the

How EU lawmakers can make mandatory vulnerability disclosure responsible Read More »

Network detection and response in the modern era

BYOD, CISO, Compliance, cybersecurity, Don't miss, Exeon, Features, Hot stuff, IoT, machine learning, News, opinion, Ransomware, regulation, shadow IT, strategy, zero trust / SecurityTicks

Network detection and response in the modern era 21/08/2023 at 07:04 By Mirko Zorz In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to

Network detection and response in the modern era Read More »

4 ways simulation training alleviates team burnout

burnout, CISO, Cloud Range, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, professional, SOC, training / SecurityTicks

4 ways simulation training alleviates team burnout 18/08/2023 at 11:32 By Help Net Security Burnout is endemic in the cybersecurity industry, damaging the mental and physical health of cyber professionals and leaving organizations underskilled, understaffed, and overexposed to cyber risk as security leaders and team members leave for more promising career opportunities elsewhere or drop

4 ways simulation training alleviates team burnout Read More »

Zimbra users in Europe, Latin America face phishing threat

credentials, Don't miss, ESET, Europe, Government, Hot stuff, News, phishing, SMBs, social engineering / SecurityTicks

Zimbra users in Europe, Latin America face phishing threat 18/08/2023 at 11:04 By Help Net Security ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been

Zimbra users in Europe, Latin America face phishing threat Read More »

Reinventing OT security for dynamic landscapes

asvin, authentication, CISO, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, opinion, regulation, Risk Management, strategy, tips, zero trust / SecurityTicks

Reinventing OT security for dynamic landscapes 18/08/2023 at 07:05 By Mirko Zorz From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. As cloud solutions

Reinventing OT security for dynamic landscapes Read More »

A closer look at the new TSA oil and gas pipeline regulations

Compliance, cybersecurity, Don't miss, Government, GuidePoint Security, Hot stuff, regulation, USA, Video, vulnerability assessment / SecurityTicks

A closer look at the new TSA oil and gas pipeline regulations 18/08/2023 at 06:02 By Help Net Security The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior

A closer look at the new TSA oil and gas pipeline regulations Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix, Citrix ShareFile, Don't miss, enterprise, file-sharing, Hot stuff, News, PoC, security update, vulnerability / SecurityTicks

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

Phishers use QR codes to target companies in various industries

Cofense, Don't miss, Hot stuff, Microsoft, News, phishing, QR codes / SecurityTicks

Phishers use QR codes to target companies in various industries 17/08/2023 at 13:01 By Helga Labus A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major Energy company based in the US, saw about 29% of the over 1000 emails

Phishers use QR codes to target companies in various industries Read More »

The road ahead for ecommerce fraud prevention

ClearSale, cybersecurity, Don't miss, e-commerce, Features, fraud, Hot stuff, identity, machine learning, News, online payment, opinion, strategy, tips / SecurityTicks

The road ahead for ecommerce fraud prevention 17/08/2023 at 07:36 By Mirko Zorz Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness of social

The road ahead for ecommerce fraud prevention Read More »

Kubernetes clusters face widespread attacks across numerous organizations

Aqua Security, cybersecurity, Don't miss, Hot stuff, Kubernetes, misconfiguration, open source, threats, Video / SecurityTicks

Kubernetes clusters face widespread attacks across numerous organizations 17/08/2023 at 07:02 By Help Net Security In this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals. At least 60% of these

Kubernetes clusters face widespread attacks across numerous organizations Read More »

LinkedIn users targeted in account hijacking campaign

account hijacking, brute-force, Don't miss, hacking, Hot stuff, LinkedIn, News / SecurityTicks

LinkedIn users targeted in account hijacking campaign 16/08/2023 at 17:03 By Helga Labus LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing their compromised LinkedIn accounts. (Source: Cyberint) The LinkedIn account hijacking campaign The Cyberint research team

LinkedIn users targeted in account hijacking campaign Read More »

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

backdoor, Citrix, Don't miss, enterprise, Fox-IT, Hot stuff, Mandiant, News, vulnerability, web shell / SecurityTicks

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise 16/08/2023 at 13:49 By Zeljka Zorz Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices,

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise Read More »

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Don't miss, Hot stuff, Ivanti, News, security update, Tenable, vulnerability / SecurityTicks

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) 16/08/2023 at 12:50 By Helga Labus Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) Read More »

Don’t miss