Don’t miss

How digital wallets work, and best practices to use them safely

cybersecurity, digital wallet, Don't miss, Hot stuff, how-to, IEEE, News, strategy, tips, Video /

How digital wallets work, and best practices to use them safely 2024-09-19 at 07:31 By Help Net Security With the adoption of digital wallets and the increasing embedding of consumer digital payments into daily life, ensuring security measures is essential. According to a McKinsey report, digital payments are now mainstream and continually evolving, bringing advancements […]

React to this headline:

Loading spinner

How digital wallets work, and best practices to use them safely Read More »

Essential metrics for effective security program assessment

Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Pentera, security controls, security testing, SOC /

Essential metrics for effective security program assessment 2024-09-19 at 07:02 By Mirko Zorz In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture. What are

React to this headline:

Loading spinner

Essential metrics for effective security program assessment Read More »

Data disposal and cyber hygiene: Building a culture of security within your organization

cyber hygiene, cybersecurity, Don't miss, Expert analysis, Expert corner, News, opinion, Stellar, strategy /

Data disposal and cyber hygiene: Building a culture of security within your organization 2024-09-19 at 06:31 By Help Net Security Data breach episodes have been constantly rising with the number of data breach victims crossing 1 billion in the first half of 2024. A recent Data Breach Report 2023 by Verizon confirms that 74% of

React to this headline:

Loading spinner

Data disposal and cyber hygiene: Building a culture of security within your organization Read More »

Hackers breaching construction firms via specialized accounting software

brute-force, credentials, Don't miss, enterprise, Hot stuff, Huntress, News, privileged accounts, SMBs /

Hackers breaching construction firms via specialized accounting software 2024-09-18 at 17:16 By Zeljka Zorz Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries,” they noted. A way into corporate networks Ohio-based Foundation

React to this headline:

Loading spinner

Hackers breaching construction firms via specialized accounting software Read More »

Ghost: Criminal communication platform compromised, dismantled by international law enforcement

arrest, Australia, crime, cybercrime, Don't miss, Encryption, Europol, Government, Hot stuff, law enforcement, News, secure communications, supply chain compromise /

Ghost: Criminal communication platform compromised, dismantled by international law enforcement 2024-09-18 at 15:16 By Zeljka Zorz Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. “AFP Operation Kraken charged a NSW man, aged 32, for creating and administering Ghost, a dedicated

React to this headline:

Loading spinner

Ghost: Criminal communication platform compromised, dismantled by international law enforcement Read More »

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)

Don't miss, Hot stuff, News /

Critical VMware vCenter Server bugs fixed (CVE-2024-38812) 2024-09-18 at 13:46 By Zeljka Zorz Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). “Broadcom is not currently aware of exploitation ‘in

React to this headline:

Loading spinner

Critical VMware vCenter Server bugs fixed (CVE-2024-38812) Read More »

CrowdSec: Open-source security solution offering crowdsourced protection

crowdsourced security, Don't miss, GitHub, Hot stuff, News, open source, software /

CrowdSec: Open-source security solution offering crowdsourced protection 2024-09-18 at 08:01 By Mirko Zorz Crowdsec is an open-source solution that offers crowdsourced protection against malicious IPs. CrowdSec features For this project, the developers have two objectives: Provide free top-quality intrusion detection and protection software. There’s community participation in creating new detection rules as new vulnerabilities are

React to this headline:

Loading spinner

CrowdSec: Open-source security solution offering crowdsourced protection Read More »

Detecting vulnerable code in software dependencies is more complex than it seems

code, code analysis, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, open source, opinion, remediation, SCA, software, vulnerability management /

Detecting vulnerable code in software dependencies is more complex than it seems 2024-09-18 at 07:31 By Mirko Zorz In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional software composition analysis (SCA) solutions

React to this headline:

Loading spinner

Detecting vulnerable code in software dependencies is more complex than it seems Read More »

The proliferation of non-human identities

cybersecurity, Don't miss, Entro, News, Non Human Identities, report, security practices, survey /

The proliferation of non-human identities 2024-09-18 at 07:01 By Mirko Zorz 97% of non-human identities (NHIs) have excessive privileges, increasing unauthorized access and broadening the attack surface, according to Entro Security’s 2025 State of Non-Human Identities and Secrets in Cybersecurity report. 92% of organizations expose NHIs to third parties, resulting in unauthorized access if third-party

React to this headline:

Loading spinner

The proliferation of non-human identities Read More »

Cybersecurity jobs available right now: September 18, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: September 18, 2024 2024-09-18 at 06:31 By Anamarija Pogorelec Application Security Engineer CHANEL | France | On-site – View job details As an Application Security Engineer, you will perform application-focus, offensive, security assessments of existing and upcoming Chanel’s features and products. Enforce smart CI/CD security tooling (SAST, dependencies checker, IAST,

React to this headline:

Loading spinner

Cybersecurity jobs available right now: September 18, 2024 Read More »

Apple releases iOS 18, with security and privacy improvements

access control, apple, Don't miss, Hot stuff, iOS, iPhone, News, password management, password manager /

Apple releases iOS 18, with security and privacy improvements 2024-09-17 at 15:46 By Zeljka Zorz Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS 18 brings several changes for improving users’ security and privacy. A standalone Passwords app

React to this headline:

Loading spinner

Apple releases iOS 18, with security and privacy improvements Read More »

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE, Don't miss, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC, secure communications, vulnerability /

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) 2024-09-17 at 13:02 By Zeljka Zorz CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have published their

React to this headline:

Loading spinner

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) Read More »

Gateways to havoc: Overprivileged dormant service accounts

Anetac, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, opinion, privileged accounts /

Gateways to havoc: Overprivileged dormant service accounts 2024-09-17 at 07:32 By Help Net Security Service accounts are non-human identities used to automate machine-to-machine interactions. They support critical functions – such as running scripts, services, and applications like websites, APIs, and databases – and facilitate integrations, operating as a proxy to humans and supporting business processes.

React to this headline:

Loading spinner

Gateways to havoc: Overprivileged dormant service accounts Read More »

The growing danger of visual hacking and how to protect against it

cybersecurity, Don't miss, Features, hacking, hardware, Hot stuff, News, opinion, Privacy, Rain Technology /

The growing danger of visual hacking and how to protect against it 2024-09-17 at 07:01 By Mirko Zorz In this Help Net Security interview, Robert Ramsey, CEO at Rain Technology, discusses the growing threat of visual hacking, how it bypasses traditional cybersecurity measures, and the importance of physical barriers like switchable privacy screens. Could you

React to this headline:

Loading spinner

The growing danger of visual hacking and how to protect against it Read More »

Beyond human IAM: The rising tide of machine identities

cybersecurity, Don't miss, Expert analysis, Expert corner, GitGuardian, Hot stuff, News, opinion, strategy /

Beyond human IAM: The rising tide of machine identities 2024-09-17 at 06:31 By Help Net Security Remember when managing user accounts was your biggest headache? Those were simpler times. Today, we’re drowning in a sea of machine identities, and it’s time to learn how to swim – or risk going under. In the ever-expanding universe

React to this headline:

Loading spinner

Beyond human IAM: The rising tide of machine identities Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

EchoStrike: Generate undetectable reverse shells, perform process injection

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, red team, software, Windows /

EchoStrike: Generate undetectable reverse shells, perform process injection 2024-09-16 at 07:31 By Mirko Zorz EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company.

React to this headline:

Loading spinner

EchoStrike: Generate undetectable reverse shells, perform process injection Read More »

Compliance frameworks and GenAI: The Wild West of security standards

Application Security, automation, Compliance, cybersecurity, Don't miss, Features, generative AI, Hot stuff, News, opinion, penetration testing, regulation, software, SplxAI /

Compliance frameworks and GenAI: The Wild West of security standards 2024-09-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, GenAI introduces dynamic, evolving threats, requiring new strategies for defense and compliance. Kamber highlights the

React to this headline:

Loading spinner

Compliance frameworks and GenAI: The Wild West of security standards Read More »

The ripple effects of regulatory actions on CISO reporting

CISO, cybersecurity, Don't miss, FTC, Hot stuff, News, strategy, Video, YL Ventures /

The ripple effects of regulatory actions on CISO reporting 2024-09-16 at 06:31 By Help Net Security In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting. In a recent report of the CISO Circuit, YL Ventures

React to this headline:

Loading spinner

The ripple effects of regulatory actions on CISO reporting Read More »

eBook: Navigating compliance with a security-first approach

Don't miss, Enzoic, Hot stuff, News, Whitepapers and webinars /

eBook: Navigating compliance with a security-first approach 2024-09-16 at 05:46 By Help Net Security As cyberattacks escalate, more regulations are being introduced to help protect organizations and their customers’ data. This has resulted in a complex web of legislation with which companies in the private sector must comply. It can be challenging, as industry standards

React to this headline:

Loading spinner

eBook: Navigating compliance with a security-first approach Read More »

Scroll to Top