Don't miss - Security Ticks

How to design and deliver an effective cybersecurity exercise

cyberattacks, cybersecurity, digital transformation, Don't miss, Expert analysis, Expert corner, Hot stuff, Incident Response, Information Security Forum, News, opinion, penetration testing, red team / SecurityTicks

How to design and deliver an effective cybersecurity exercise 2024-04-01 at 07:04 By Help Net Security Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises – tests and simulations based on plausible […]

React to this headline:

How to design and deliver an effective cybersecurity exercise Read More »

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

Alpine, backdoor, Debian, Don't miss, Fedora, Hot stuff, Kali Linux, Linux, Linux Mint, News, open source, Orca Security, Red Hat, supply chain attacks, Ubuntu, vulnerability / SecurityTicks

XZ Utils backdoor update: Which Linux distros are affected and what can you do? 2024-03-31 at 21:01 By Zeljka Zorz The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of

React to this headline:

XZ Utils backdoor update: Which Linux distros are affected and what can you do? Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability / SecurityTicks

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

How much does cloud-based identity expand your attack surface?

access management, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, IS Decisions, News, opinion, Risk Management / SecurityTicks

How much does cloud-based identity expand your attack surface? 2024-03-29 at 08:01 By Help Net Security We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and

React to this headline:

How much does cloud-based identity expand your attack surface? Read More »

Finding software flaws early in the development process provides ROI

cybersecurity, Don't miss, Hot stuff, News, Probely, security assessment, security testing, software, software development / SecurityTicks

Finding software flaws early in the development process provides ROI 2024-03-29 at 06:31 By Help Net Security Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States reached $2.41 trillion in

React to this headline:

Finding software flaws early in the development process provides ROI Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware / SecurityTicks

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Zero-day exploitation surged in 2023, Google finds Read More »

NHS Scotland confirms ransomware attackers leaked patients’ data

Data leak, Don't miss, extortion, healthcare, Hot stuff, News, Ransomware, UK / SecurityTicks

NHS Scotland confirms ransomware attackers leaked patients’ data 2024-03-28 at 14:31 By Zeljka Zorz NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of patients.”

React to this headline:

NHS Scotland confirms ransomware attackers leaked patients’ data Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability / SecurityTicks

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

Debunking compliance myths in the digital era

auditing, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, MJD Advisors, News, opinion, security testing / SecurityTicks

Debunking compliance myths in the digital era 2024-03-28 at 08:02 By Help Net Security Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software

React to this headline:

Debunking compliance myths in the digital era Read More »

How CISOs tackle business payment fraud

Artificial Intelligence, BEC scams, CISO, cybersecurity, Don't miss, Email, fraud, Hot stuff, supply chain, Trustmi, Video / SecurityTicks

How CISOs tackle business payment fraud 2024-03-28 at 07:01 By Help Net Security In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These are

React to this headline:

How CISOs tackle business payment fraud Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Anyscale, authentication, Bishop Fox, Don't miss, enterprise, Hot stuff, machine learning, News, Oligo Security, vulnerability / SecurityTicks

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

React to this headline:

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

Attackers leverage weaponized iMessages, new phishing-as-a-service platform

Android, Don't miss, Hot stuff, iOS, macOS, Netcraft, News, phishing / SecurityTicks

Attackers leverage weaponized iMessages, new phishing-as-a-service platform 2024-03-27 at 12:31 By Zeljka Zorz Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial institutions, government

React to this headline:

Attackers leverage weaponized iMessages, new phishing-as-a-service platform Read More »

How security leaders can ease healthcare workers’ EHR-related burnout

access management, authentication, burnout, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, healthcare, Hot stuff, Hypori, News, opinion / SecurityTicks

How security leaders can ease healthcare workers’ EHR-related burnout 2024-03-27 at 08:05 By Help Net Security Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality

React to this headline:

How security leaders can ease healthcare workers’ EHR-related burnout Read More »

Cybersecurity jobs available right now: March 27, 2024

cybersecurity jobs, Don't miss, Hot stuff, News / SecurityTicks

Cybersecurity jobs available right now: March 27, 2024 2024-03-27 at 07:31 By Mirko Zorz Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with the

React to this headline:

Cybersecurity jobs available right now: March 27, 2024 Read More »

Essential elements of a strong data protection strategy

backup, Cloud, cyber resilience, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, strategy, Veritas Technologies / SecurityTicks

Essential elements of a strong data protection strategy 2024-03-27 at 07:01 By Mirko Zorz In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery protocols

React to this headline:

Essential elements of a strong data protection strategy Read More »

Drozer: Open-source Android security assessment framework

Android, Application Security, Don't miss, GitHub, Hot stuff, mobile security, News, open source, penetration testing, software, WithSecure / SecurityTicks

Drozer: Open-source Android security assessment framework 2024-03-27 at 06:32 By Mirko Zorz Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of

React to this headline:

Drozer: Open-source Android security assessment framework Read More »

Cybersecurity essentials during M&A surge

communication, cybersecurity, Don't miss, Gathid, Hot stuff, risk, Video / SecurityTicks

Cybersecurity essentials during M&A surge 2024-03-27 at 06:01 By Help Net Security The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering the rise in

React to this headline:

Cybersecurity essentials during M&A surge Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability / SecurityTicks

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

React to this headline:

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io / SecurityTicks

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

React to this headline:

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

Reinforcement learning is the path forward for AI integration into cybersecurity

Artificial Intelligence, CISO, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Groupe SEB, Hot stuff, machine learning, News, opinion, predictions, SOC / SecurityTicks

Reinforcement learning is the path forward for AI integration into cybersecurity 2024-03-26 at 08:01 By Help Net Security AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify

React to this headline:

Reinforcement learning is the path forward for AI integration into cybersecurity Read More »

Don’t miss