Don't miss - Security Ticks

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, PoC / SecurityTicks

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades 2024-04-30 at 15:47 By Zeljka Zorz There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are “not aware at this time of any malicious attempts to […]

React to this headline:

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades Read More »

Triangulation fraud: The costly scam hitting online retailers

Artificial Intelligence, attacks, authentication, biometrics, cybersecurity, Don't miss, Features, fraud, Hot stuff, News, online payment, opinion, remote access, scams, Visa / SecurityTicks

Triangulation fraud: The costly scam hitting online retailers 2024-04-30 at 08:01 By Mirko Zorz In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants. He also highlights the

React to this headline:

Triangulation fraud: The costly scam hitting online retailers Read More »

Tracecat: Open-source SOAR

automation, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, SOAR, software / SecurityTicks

Tracecat: Open-source SOAR 2024-04-30 at 07:31 By Mirko Zorz Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams. Use specialized AI models

React to this headline:

Tracecat: Open-source SOAR Read More »

Why the automotive sector is a target for email-based cyber attacks

Abnormal Security, automotive security, cyberattacks, cybersecurity, Don't miss, Email, Hot stuff, Video / SecurityTicks

Why the automotive sector is a target for email-based cyber attacks 2024-04-30 at 07:01 By Help Net Security While every organization across every vertical is at risk of advanced email attacks, certain industries periodically become the go-to target for threat actors. In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses

React to this headline:

Why the automotive sector is a target for email-based cyber attacks Read More »

eBook: Do you have what it takes to lead in cybersecurity?

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars / SecurityTicks

eBook: Do you have what it takes to lead in cybersecurity? 2024-04-30 at 05:31 By Help Net Security Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies. Aspiring leaders in the cybersecurity field need more than just job experience. They need a diverse and robust set

React to this headline:

eBook: Do you have what it takes to lead in cybersecurity? Read More »

UK enacts IoT cybersecurity law

consumer, Don't miss, Hot stuff, Internet of Things, legislation, News, smart home, smart lock, smart toys, smart tv, smartphone, UK, USA / SecurityTicks

UK enacts IoT cybersecurity law 2024-04-29 at 17:01 By Zeljka Zorz The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. “Most smart devices are manufactured outside the UK, but

React to this headline:

UK enacts IoT cybersecurity law Read More »

Okta warns customers about credential stuffing onslaught

account hijacking, account protection, attacks, credentials, Don't miss, Hot stuff, News, Okta / SecurityTicks

Okta warns customers about credential stuffing onslaught 2024-04-29 at 14:01 By Zeljka Zorz Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place. Abuse of proxy networks “In credential stuffing attacks, adversaries attempt to sign-in to

React to this headline:

Okta warns customers about credential stuffing onslaught Read More »

Prompt Fuzzer: Open-source tool for strengthening GenAI apps

Artificial Intelligence, Don't miss, generative AI, GitHub, Hot stuff, News, open source, software / SecurityTicks

Prompt Fuzzer: Open-source tool for strengthening GenAI apps 2024-04-29 at 08:01 By Mirko Zorz Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Prompt Fuzzer features Simulation of over a dozen types of GenAI attacks The tool contextualizes itself automatically based on the system

React to this headline:

Prompt Fuzzer: Open-source tool for strengthening GenAI apps Read More »

How insider threats can cause serious security breaches

Compliance, cybersecurity, Don't miss, Hot stuff, Insider Threat, Redspin, Video / SecurityTicks

How insider threats can cause serious security breaches 2024-04-29 at 07:34 By Help Net Security Insider threats are a prominent issue and can lead to serious security breaches. Just because someone is a colleague or employee does not grant inherent trust. In this Help Net Security video, Tara Lemieux, CMMC Consultant for Redspin, discusses insider

React to this headline:

How insider threats can cause serious security breaches Read More »

Most people still rely on memory or pen and paper for password management

authentication, Bitwarden, cybersecurity, Don't miss, News, passwords, report, survey / SecurityTicks

Most people still rely on memory or pen and paper for password management 2024-04-26 at 08:02 By Help Net Security Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit

React to this headline:

Most people still rely on memory or pen and paper for password management Read More »

What AI can tell organizations about their M&A risk

analytics, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, risk, Risk Management, Vectra, Video / SecurityTicks

What AI can tell organizations about their M&A risk 2024-04-26 at 07:01 By Help Net Security Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With

React to this headline:

What AI can tell organizations about their M&A risk Read More »

Breaking down the numbers: Cybersecurity funding activity recap

Aim Security, Alethea, anecdotes, Axonius, BforeAI, BigID, Bugcrowd, CyberSaint, cybersecurity, Defense Unicorns, Don't miss, Dropzone AI, Hot stuff, Incognia, investment, Nagomi Security, News, NinjaOne, Nozomi Networks, Oleria, Permit.io, Prompt Security, Prophet Security, PVML, Seal Security, Simbian, StrikeReady, Sublime Security, Sweet Security, Vicarius / SecurityTicks

Breaking down the numbers: Cybersecurity funding activity recap 2024-04-26 at 06:45 By Help Net Security Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the

React to this headline:

Breaking down the numbers: Cybersecurity funding activity recap Read More »

Applying DevSecOps principles to machine learning workloads

Artificial Intelligence, cybersecurity, DevSecOps, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, opinion, Protect AI, software development / SecurityTicks

Applying DevSecOps principles to machine learning workloads 2024-04-25 at 07:33 By Help Net Security Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital systems grows, the challenges mount. One method that helps reign in the chaos is bringing

React to this headline:

Applying DevSecOps principles to machine learning workloads Read More »

Overcoming GenAI challenges in healthcare cybersecurity

Artificial Intelligence, cybersecurity, data, Don't miss, Features, framework, generative AI, healthcare, Hot stuff, machine learning, News, opinion, Privacy, Team8 Health / SecurityTicks

Overcoming GenAI challenges in healthcare cybersecurity 2024-04-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations and their impact on patient privacy. What are the key cybersecurity challenges in healthcare in the context of GenAI, and how can they

React to this headline:

Overcoming GenAI challenges in healthcare cybersecurity Read More »

25 cybersecurity AI stats you should know

Accenture, Artificial Intelligence, Cisco, Cloud Security Alliance, Code42, cybercrime, cybersecurity, Don't miss, Dynatrace, FS-ISAC, Google Cloud, Group-IB, HiddenLayer, Hot stuff, ISC2, LastPass, McAfee, Netskope, News, report, survey, Zscaler / SecurityTicks

25 cybersecurity AI stats you should know 2024-04-25 at 06:31 By Help Net Security In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues arising from the expansion of AI. Security pros are cautiously optimistic about AI Cloud Security Alliance and Google

React to this headline:

25 cybersecurity AI stats you should know Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update / SecurityTicks

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

Don't miss, enterprise, network monitoring, News, PoC, Progress, Rhino Security, vulnerability / SecurityTicks

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

GISEC Global 2024 video walkthrough

Claroty, Cloudflare, conferences, CyberKnight, cybersecurity, Don't miss, GISEC, Google Cloud, Hot stuff, Netscout, Netskope, NetSPI, OPSWAT, Resecurity, SecureLink, SecurityScorecard, Securonix, Sophos, Splunk, toolswatch, Trend Micro, UAE Cyber Security Council, Video, Waterfall Security Solutions, Zscaler / SecurityTicks

GISEC Global 2024 video walkthrough 2024-04-24 at 13:01 By Help Net Security In this Help Net Security video, we take you inside GISEC Global, which is taking place from April 23 to April 25, 2024, at the Dubai World Trade Centre. The video features the following vendors: Sophos, Waterfall Security Solutions, UAE Cyber Security Council,

React to this headline:

GISEC Global 2024 video walkthrough Read More »

GenAI can enhance security awareness training

awareness, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, framework, generative AI, Hot stuff, News, opinion, Prism Infosec, social engineering, training / SecurityTicks

GenAI can enhance security awareness training 2024-04-24 at 07:31 By Help Net Security One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice capture enabling vishing and deep

React to this headline:

GenAI can enhance security awareness training Read More »

The relationship between cybersecurity and work tech innovation

collaboration, cybersecurity, Don't miss, Envoy, Hot stuff, hybrid workforce, remote access, strategy, Video / SecurityTicks

The relationship between cybersecurity and work tech innovation 2024-04-24 at 06:01 By Help Net Security As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expansion of remote access points, and

React to this headline:

The relationship between cybersecurity and work tech innovation Read More »

Don’t miss