Don't miss - Security Ticks

Prompt Fuzzer: Open-source tool for strengthening GenAI apps

Artificial Intelligence, Don't miss, generative AI, GitHub, Hot stuff, News, open source, software / SecurityTicks

Prompt Fuzzer: Open-source tool for strengthening GenAI apps 2024-04-29 at 08:01 By Mirko Zorz Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Prompt Fuzzer features Simulation of over a dozen types of GenAI attacks The tool contextualizes itself automatically based on the system […]

React to this headline:

Prompt Fuzzer: Open-source tool for strengthening GenAI apps Read More »

How insider threats can cause serious security breaches

Compliance, cybersecurity, Don't miss, Hot stuff, Insider Threat, Redspin, Video / SecurityTicks

How insider threats can cause serious security breaches 2024-04-29 at 07:34 By Help Net Security Insider threats are a prominent issue and can lead to serious security breaches. Just because someone is a colleague or employee does not grant inherent trust. In this Help Net Security video, Tara Lemieux, CMMC Consultant for Redspin, discusses insider

React to this headline:

How insider threats can cause serious security breaches Read More »

Most people still rely on memory or pen and paper for password management

authentication, Bitwarden, cybersecurity, Don't miss, News, passwords, report, survey / SecurityTicks

Most people still rely on memory or pen and paper for password management 2024-04-26 at 08:02 By Help Net Security Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit

React to this headline:

Most people still rely on memory or pen and paper for password management Read More »

What AI can tell organizations about their M&A risk

analytics, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, risk, Risk Management, Vectra, Video / SecurityTicks

What AI can tell organizations about their M&A risk 2024-04-26 at 07:01 By Help Net Security Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With

React to this headline:

What AI can tell organizations about their M&A risk Read More »

Breaking down the numbers: Cybersecurity funding activity recap

Aim Security, Alethea, anecdotes, Axonius, BforeAI, BigID, Bugcrowd, CyberSaint, cybersecurity, Defense Unicorns, Don't miss, Dropzone AI, Hot stuff, Incognia, investment, Nagomi Security, News, NinjaOne, Nozomi Networks, Oleria, Permit.io, Prompt Security, Prophet Security, PVML, Seal Security, Simbian, StrikeReady, Sublime Security, Sweet Security, Vicarius / SecurityTicks

Breaking down the numbers: Cybersecurity funding activity recap 2024-04-26 at 06:45 By Help Net Security Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the

React to this headline:

Breaking down the numbers: Cybersecurity funding activity recap Read More »

Applying DevSecOps principles to machine learning workloads

Artificial Intelligence, cybersecurity, DevSecOps, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, opinion, Protect AI, software development / SecurityTicks

Applying DevSecOps principles to machine learning workloads 2024-04-25 at 07:33 By Help Net Security Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital systems grows, the challenges mount. One method that helps reign in the chaos is bringing

React to this headline:

Applying DevSecOps principles to machine learning workloads Read More »

Overcoming GenAI challenges in healthcare cybersecurity

Artificial Intelligence, cybersecurity, data, Don't miss, Features, framework, generative AI, healthcare, Hot stuff, machine learning, News, opinion, Privacy, Team8 Health / SecurityTicks

Overcoming GenAI challenges in healthcare cybersecurity 2024-04-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations and their impact on patient privacy. What are the key cybersecurity challenges in healthcare in the context of GenAI, and how can they

React to this headline:

Overcoming GenAI challenges in healthcare cybersecurity Read More »

25 cybersecurity AI stats you should know

Accenture, Artificial Intelligence, Cisco, Cloud Security Alliance, Code42, cybercrime, cybersecurity, Don't miss, Dynatrace, FS-ISAC, Google Cloud, Group-IB, HiddenLayer, Hot stuff, ISC2, LastPass, McAfee, Netskope, News, report, survey, Zscaler / SecurityTicks

25 cybersecurity AI stats you should know 2024-04-25 at 06:31 By Help Net Security In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues arising from the expansion of AI. Security pros are cautiously optimistic about AI Cloud Security Alliance and Google

React to this headline:

25 cybersecurity AI stats you should know Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update / SecurityTicks

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

Don't miss, enterprise, network monitoring, News, PoC, Progress, Rhino Security, vulnerability / SecurityTicks

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

GISEC Global 2024 video walkthrough

Claroty, Cloudflare, conferences, CyberKnight, cybersecurity, Don't miss, GISEC, Google Cloud, Hot stuff, Netscout, Netskope, NetSPI, OPSWAT, Resecurity, SecureLink, SecurityScorecard, Securonix, Sophos, Splunk, toolswatch, Trend Micro, UAE Cyber Security Council, Video, Waterfall Security Solutions, Zscaler / SecurityTicks

GISEC Global 2024 video walkthrough 2024-04-24 at 13:01 By Help Net Security In this Help Net Security video, we take you inside GISEC Global, which is taking place from April 23 to April 25, 2024, at the Dubai World Trade Centre. The video features the following vendors: Sophos, Waterfall Security Solutions, UAE Cyber Security Council,

React to this headline:

GISEC Global 2024 video walkthrough Read More »

GenAI can enhance security awareness training

awareness, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, framework, generative AI, Hot stuff, News, opinion, Prism Infosec, social engineering, training / SecurityTicks

GenAI can enhance security awareness training 2024-04-24 at 07:31 By Help Net Security One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice capture enabling vishing and deep

React to this headline:

GenAI can enhance security awareness training Read More »

The relationship between cybersecurity and work tech innovation

collaboration, cybersecurity, Don't miss, Envoy, Hot stuff, hybrid workforce, remote access, strategy, Video / SecurityTicks

The relationship between cybersecurity and work tech innovation 2024-04-24 at 06:01 By Help Net Security As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expansion of remote access points, and

React to this headline:

The relationship between cybersecurity and work tech innovation Read More »

eBook: Cloud security skills

Don't miss, ISC2, News, Whitepapers and webinars / SecurityTicks

eBook: Cloud security skills 2024-04-24 at 05:46 By Help Net Security Demonstrating a sound understanding of cloud security key principles and practices opens various professional opportunities. But first, you need the right mix of technical and soft skills to emerge as a leader. Inside this eBook: Why a career in cloud security? Career pathways The

React to this headline:

eBook: Cloud security skills Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows / SecurityTicks

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Censys, CrowdStrike, CrushFTP, CVE, Don't miss, enterprise, exploit, FTP, Hot stuff, News / SecurityTicks

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

React to this headline:

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

The rising influence of AI on the 2024 US election

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, election security, Expert analysis, Expert corner, Hot stuff, News, opinion, Sentra, social media / SecurityTicks

The rising influence of AI on the 2024 US election 2024-04-23 at 08:01 By Help Net Security We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended from malicious attackers than ever before. On the other side, the rise of

React to this headline:

The rising influence of AI on the 2024 US election Read More »

10 colleges and universities shaping the future of cybersecurity education

Berkeley, Carnegie Mellon University, cybersecurity, Don't miss, education, Hot stuff, MIT, News, skill development, University of Cambridge / SecurityTicks

10 colleges and universities shaping the future of cybersecurity education 2024-04-23 at 07:01 By Help Net Security Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the growing demand for cybersecurity professionals in various industries. Some notable colleges and universities renowned for their cybersecurity

React to this headline:

10 colleges and universities shaping the future of cybersecurity education Read More »

What is multi-factor authentication (MFA), and why is it important?

access management, authentication, BARR Advisory, cybersecurity, Don't miss, Hot stuff, MFA, password manager, passwords, Privacy, tips, Video / SecurityTicks

What is multi-factor authentication (MFA), and why is it important? 2024-04-23 at 06:31 By Help Net Security Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Manager, Cybersecurity Consulting at BARR Advisory, shares tips for consumers who need simple, accessible

React to this headline:

What is multi-factor authentication (MFA), and why is it important? Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity / SecurityTicks

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

Don’t miss