Don't miss - Security Ticks

Cybersecurity needs a leader, so let’s stop debating and start deciding

boardroom, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, Rapid7, strategy / SecurityTicks

Cybersecurity needs a leader, so let’s stop debating and start deciding 2025-02-25 at 18:09 By Help Net Security Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership […]

React to this headline:

Cybersecurity needs a leader, so let’s stop debating and start deciding Read More »

Avoiding vendor lock-in when using managed cloud security services

access control, Artificial Intelligence, CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Tamnoon / SecurityTicks

Avoiding vendor lock-in when using managed cloud security services 2025-02-25 at 08:05 By Mirko Zorz In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked

React to this headline:

Avoiding vendor lock-in when using managed cloud security services Read More »

The CISO’s dilemma of protecting the enterprise while driving innovation

CISO, Cloudera, cyber risk, cybersecurity, Don't miss, News, Risk Management, strategy, tips, Upwind / SecurityTicks

The CISO’s dilemma of protecting the enterprise while driving innovation 2025-02-25 at 07:34 By Help Net Security CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud to support remote teams, security teams must secure data without slowing down productivity.

React to this headline:

The CISO’s dilemma of protecting the enterprise while driving innovation Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

Don't miss, endpoint management, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC / SecurityTicks

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

Account takeover detection: There’s no single tell

account hijacking, account protection, Don't miss, enterprise, Hot stuff, MFA, News, Proofpoint / SecurityTicks

Account takeover detection: There’s no single tell 2025-02-24 at 14:48 By Zeljka Zorz Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at least one

React to this headline:

Account takeover detection: There’s no single tell Read More »

Man vs. machine: Striking the perfect balance in threat intelligence

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, opinion, Perspective Intelligence, Threat Intelligence / SecurityTicks

Man vs. machine: Striking the perfect balance in threat intelligence 2025-02-24 at 08:00 By Mirko Zorz In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts

React to this headline:

Man vs. machine: Striking the perfect balance in threat intelligence Read More »

Misconfig Mapper: Open-source tool to uncover security misconfigurations

Don't miss, GitHub, misconfiguration, News, open source, software / SecurityTicks

Misconfig Mapper: Open-source tool to uncover security misconfigurations 2025-02-24 at 07:33 By Mirko Zorz Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks

React to this headline:

Misconfig Mapper: Open-source tool to uncover security misconfigurations Read More »

Why AI deployment requires a new level of governance

Artificial Intelligence, cybersecurity, data security, Don't miss, ePlus, Hot stuff, strategy, Video / SecurityTicks

Why AI deployment requires a new level of governance 2025-02-24 at 07:09 By Help Net Security In this Help Net Security video, Lee Waskevich, VP of Security at ePlus, discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data. The recent ePlus AI Readiness survey revealed that the top data concerns

React to this headline:

Why AI deployment requires a new level of governance Read More »

Mastering the cybersecurity tightrope of protection, detection, and response

cyber resilience, cybersecurity, data security, Don't miss, Encryption, Features, Hot stuff, Incident Response, monitoring, News, opinion, Sophos, strategy / SecurityTicks

Mastering the cybersecurity tightrope of protection, detection, and response 2025-02-21 at 08:05 By Mirko Zorz In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is

React to this headline:

Mastering the cybersecurity tightrope of protection, detection, and response Read More »

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection / SecurityTicks

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand

cybercrime, digital wallet, Don't miss, Hot stuff, Netcraft, News, payment cards, phishing, SecAlliance / SecurityTicks

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand 2025-02-20 at 13:35 By Zeljka Zorz A new, improved version of Darcula, a cat-themed phishing-as-a-service (PhaaS) platform aimed at serving Chinese-speaking criminals, will be released this month and will allow malicious users to create customized phishing kits to target a wider variety

React to this headline:

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand Read More »

Hackers pose as employers to steal crypto, login credentials

cyber espionage, cybercrime, Don't miss, ESET, News, North Korea, research, scams, threats / SecurityTicks

Hackers pose as employers to steal crypto, login credentials 2025-02-20 at 12:03 By Help Net Security Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded

React to this headline:

Hackers pose as employers to steal crypto, login credentials Read More »

Unknown and unsecured: The risks of poor asset visibility

Artificial Intelligence, automation, CybaVerse, cybersecurity, Don't miss, Endpoint Security, Features, Hot stuff, IT assets, News, opinion, strategy / SecurityTicks

Unknown and unsecured: The risks of poor asset visibility 2025-02-20 at 07:34 By Mirko Zorz In this Help Net Security interview, Juliette Hudson, CTO of CybaVerse, discusses why asset visibility remains a critical cybersecurity challenge. She explains how to maintain security without slowing down operations, shares ways to improve visibility in OT environments, and explains

React to this headline:

Unknown and unsecured: The risks of poor asset visibility Read More »

iOS 18 settings to lock down your privacy and security

apple, cybersecurity, Don't miss, how-to, iOS, iPhone, News, Privacy, tips / SecurityTicks

iOS 18 settings to lock down your privacy and security 2025-02-19 at 18:04 By Help Net Security Enhancing your security and privacy on iOS 18 involves configuring various settings to control access to your personal data and device features. Here are 12 essential settings to consider. Enable two-factor authentication (2FA) Using 2FA authentication adds an

React to this headline:

iOS 18 settings to lock down your privacy and security Read More »

Attackers are chaining flaws to breach Palo Alto Networks firewalls

Assetnote, Don't miss, enterprise, GreyNoise, Hot stuff, News, Palo Alto Networks, vulnerability / SecurityTicks

Attackers are chaining flaws to breach Palo Alto Networks firewalls 2025-02-19 at 11:03 By Zeljka Zorz Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the

React to this headline:

Attackers are chaining flaws to breach Palo Alto Networks firewalls Read More »

Kunai: Open-source threat hunting tool for Linux

Don't miss, GitHub, Linux, News, open source, software, threat hunting / SecurityTicks

Kunai: Open-source threat hunting tool for Linux 2025-02-19 at 08:19 By Mirko Zorz Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes

React to this headline:

Kunai: Open-source threat hunting tool for Linux Read More »

VC-backed cybersecurity startups and the exit crunch

Acrew Capital, cybersecurity, Don't miss, Hot stuff, investment, security startup, strategy, tips, Video / SecurityTicks

VC-backed cybersecurity startups and the exit crunch 2025-02-19 at 07:31 By Help Net Security The cybersecurity startup landscape is at a crossroads. As venture-backed companies strive for successful exits, the bar has risen dramatically, requiring more funding, higher revenue, and faster growth than ever before. In this Help Net Security video, Mark Kraynak, Founding Partner

React to this headline:

VC-backed cybersecurity startups and the exit crunch Read More »

Cyber hygiene habits that many still ignore

cyber hygiene, cybersecurity, Don't miss, how-to, News, strategy, tips / SecurityTicks

Cyber hygiene habits that many still ignore 2025-02-19 at 07:04 By Help Net Security Cybersecurity advice is everywhere. We’re constantly reminded to update our passwords, enable two-factor authentication, and avoid clicking suspicious links. Yet, beneath these practical steps lie deeper cyber hygiene habits that, despite their importance, are frequently overlooked. These underlying mindsets and systemic

React to this headline:

Cyber hygiene habits that many still ignore Read More »

6 considerations for 2025 cybersecurity investment decisions

Artificial Intelligence, Compliance, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Industry news, investment, opinion, social engineering, Sphere / SecurityTicks

6 considerations for 2025 cybersecurity investment decisions 2025-02-18 at 18:33 By Help Net Security Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity

React to this headline:

6 considerations for 2025 cybersecurity investment decisions Read More »

BlackLock ransomware onslaught: What to expect and how to fight it

Don't miss, enterprise, ESXi, extortion, Hot stuff, News, Ransomware, ReliaQuest, SMBs, tips, VMWare, Windows / SecurityTicks

BlackLock ransomware onslaught: What to expect and how to fight it 2025-02-18 at 18:33 By Zeljka Zorz BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their

React to this headline:

BlackLock ransomware onslaught: What to expect and how to fight it Read More »

Don’t miss