Don't miss - Security Ticks

Tackling software vulnerabilities with smarter developer strategies

Application Security, code, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, opinion, software, web application security / SecurityTicks

Tackling software vulnerabilities with smarter developer strategies 2024-12-13 at 07:03 By Mirko Zorz In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support secure coding practices, and the role of languages […]

React to this headline:

Tackling software vulnerabilities with smarter developer strategies Read More »

Krispy Kreme cybersecurity incident disrupts online ordering

cyberattack, disruption, Don't miss, Hot stuff, News, Retail, USA / SecurityTicks

Krispy Kreme cybersecurity incident disrupts online ordering 2024-12-12 at 13:39 By Zeljka Zorz Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and

React to this headline:

Krispy Kreme cybersecurity incident disrupts online ordering Read More »

27 DDoS-for hire platforms seized by law enforcement

arrest, cybercriminals, DDoS, Don't miss, Europe, Europol, Hot stuff, Justice Department, News, USA / SecurityTicks

27 DDoS-for hire platforms seized by law enforcement 2024-12-12 at 12:39 By Zeljka Zorz As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed Denial-of-Service (DDoS) attacks. These “booter” (aka “stresser”) sites were used by both cybercriminals and hacktivists to

React to this headline:

27 DDoS-for hire platforms seized by law enforcement Read More »

We must adjust expectations for the CISO role

CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, resilience / SecurityTicks

We must adjust expectations for the CISO role 2024-12-12 at 11:52 By Help Net Security Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a back-office function primarily focused on technical oversight, has moved squarely into the executive spotlight.

React to this headline:

We must adjust expectations for the CISO role Read More »

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation

Cynet, Don't miss, Hot stuff, News / SecurityTicks

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation 2024-12-12 at 10:07 By Help Net Security Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital

React to this headline:

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation Read More »

Shaping effective AI governance is about balancing innovation with humanity

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, ServiceNow, strategy / SecurityTicks

Shaping effective AI governance is about balancing innovation with humanity 2024-12-12 at 07:04 By Mirko Zorz In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring responsible oversight. He emphasizes the need for collaboration between technologists, policymakers, and ethicists to create ethical

React to this headline:

Shaping effective AI governance is about balancing innovation with humanity Read More »

Exposed APIs and issues in the world’s largest organizations

access control, API security, authentication, cybersecurity, Don't miss, Escape, Hot stuff, Video / SecurityTicks

Exposed APIs and issues in the world’s largest organizations 2024-12-12 at 06:32 By Help Net Security In this Help Net Security video, Tristan Kalos, CEO of Escape, discusses the results of its 2024 State of API Exposure report. The study highlights significant API security gaps affecting Fortune 1000 organizations, with over 28,500 exposed APIs and

React to this headline:

Exposed APIs and issues in the world’s largest organizations Read More »

Keycloak: Open-source identity and access management

access management, Don't miss, GitHub, Hot stuff, identity management, News, open source, software / SecurityTicks

Keycloak: Open-source identity and access management 2024-12-12 at 06:04 By Help Net Security Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML. Single Sign-On: Users authenticate through Keycloak

React to this headline:

Keycloak: Open-source identity and access management Read More »

Microsoft enforces defenses preventing NTLM relay attacks

account protection, Active Directory, authentication, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Windows Server / SecurityTicks

Microsoft enforces defenses preventing NTLM relay attacks 2024-12-11 at 15:03 By Zeljka Zorz Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by default, Microsoft is working on shoring up defenses against NTLM relay attacks. How

React to this headline:

Microsoft enforces defenses preventing NTLM relay attacks Read More »

BadRAM: $10 hack unlocks AMD encrypted memory

Amd, chip, CVE, Don't miss, hardware, News, Raspberry Pi, research, vulnerability / SecurityTicks

BadRAM: $10 hack unlocks AMD encrypted memory 2024-12-11 at 13:16 By Mirko Zorz Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi

React to this headline:

BadRAM: $10 hack unlocks AMD encrypted memory Read More »

Open source malware up 200% since 2023

Don't miss, Hot stuff, Malware, News, open source, report, software, Sonatype / SecurityTicks

Open source malware up 200% since 2023 2024-12-11 at 07:32 By Help Net Security Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt

React to this headline:

Open source malware up 200% since 2023 Read More »

Why crisis simulations fail and how to fix them

crisis management, Cyberbit, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy / SecurityTicks

Why crisis simulations fail and how to fix them 2024-12-11 at 07:03 By Mirko Zorz In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for

React to this headline:

Why crisis simulations fail and how to fix them Read More »

Microsoft fixes exploited zero-day (CVE-2024-49138)

0-day, CVE, Don't miss, enterprise, Hot stuff, Immersive Labs, Microsoft, News, Patch Tuesday, Tenable, Windows, Windows Server / SecurityTicks

Microsoft fixes exploited zero-day (CVE-2024-49138) 2024-12-10 at 23:04 By Zeljka Zorz On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploited by attackers CVE-2024-49138 stems from a heap-based buffer overflow

React to this headline:

Microsoft fixes exploited zero-day (CVE-2024-49138) Read More »

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

Cleo, CVE, Don't miss, file-sharing, Hot stuff, Huntress, News, vulnerability / SecurityTicks

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623) 2024-12-10 at 15:35 By Zeljka Zorz Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered at least 10 businesses whose Cleo servers were

React to this headline:

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623) Read More »

Preventing data leakage in low-node/no-code environments

Compliance, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Nokod Security, opinion, risk, security controls / SecurityTicks

Preventing data leakage in low-node/no-code environments 2024-12-10 at 07:34 By Help Net Security Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage. Data leakage

React to this headline:

Preventing data leakage in low-node/no-code environments Read More »

Strengthening security posture with comprehensive cybersecurity assessments

Compliance, cybersecurity, Don't miss, Features, HGS Digital, Hot stuff, News, opinion, regulation, Risk Management, security assessment, security controls, threat detection / SecurityTicks

Strengthening security posture with comprehensive cybersecurity assessments 2024-12-10 at 07:04 By Mirko Zorz In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs. The post Strengthening security posture with

React to this headline:

Strengthening security posture with comprehensive cybersecurity assessments Read More »

Neosync: Open-source data anonymization, synthetic data orchestration

anonymity, Don't miss, GitHub, News, open source, Privacy, software / SecurityTicks

Neosync: Open-source data anonymization, synthetic data orchestration 2024-12-10 at 06:37 By Help Net Security Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging. What you can do with Neosync Safely test code with production data: Anonymize sensitive production data to safely use it

React to this headline:

Neosync: Open-source data anonymization, synthetic data orchestration Read More »

Update your OpenWrt router! Security issue made supply chain attack possible

Don't miss, embedded systems, Hot stuff, Linux, networking, News, open source, OpenWRT, router, security update, vulnerability / SecurityTicks

Update your OpenWrt router! Security issue made supply chain attack possible 2024-12-09 at 20:51 By Zeljka Zorz A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development of the popular Linux distribution for embedded devices. About OpenWrt OpenWrt

React to this headline:

Update your OpenWrt router! Security issue made supply chain attack possible Read More »

Microsoft: “Hack” this LLM-powered service and get paid

Don't miss, hacking contest, Hot stuff, LLMs, Microsoft, News, prompt injection / SecurityTicks

Microsoft: “Hack” this LLM-powered service and get paid 2024-12-09 at 18:04 By Zeljka Zorz Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks. The setup and the challenge LLMail is a simulated email client

React to this headline:

Microsoft: “Hack” this LLM-powered service and get paid Read More »

8Base hacked port operating company Luka Rijeka

data theft, Don't miss, EU, Europe, extortion, Hot stuff, maritime industry, News, Ransomware / SecurityTicks

8Base hacked port operating company Luka Rijeka 2024-12-09 at 14:48 By Zeljka Zorz Luka Rijeka, a company that offers maritime transport, port, storage of goods and forwarding services in Rijeka, Croatia, has been hacked by the 8Base ransomware group. The group claimed the attack on their dark web data leak site and professed that they’ve

React to this headline:

8Base hacked port operating company Luka Rijeka Read More »

Don’t miss