Don't miss - Security Ticks

Google Play Protect takes on malicious apps with code-level scanning

Android, app, Application Security, Don't miss, Google, Google Play, Hot stuff, Malware, News, scanning / SecurityTicks

Google Play Protect takes on malicious apps with code-level scanning 19/10/2023 at 13:47 By Helga Labus Google is enhancing Google Play Protect’s real-time scanning to include code-level scanning, to keep Android devices safe from malicious and unwanted apps, especially those downloaded (or sideloaded) from outside of the Google Play app store – whether from third-party […]

React to this headline:

Google Play Protect takes on malicious apps with code-level scanning Read More »

2024 cybersecurity predictions: GenAI edition

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Stellar Cyber / SecurityTicks

2024 cybersecurity predictions: GenAI edition 19/10/2023 at 12:36 By Help Net Security Unless you have lived under a rock for the past year, you know that generative artificial intelligence applications, such as ChatGPT, have penetrated many aspects of our online lives. From generating marketing content, creating images for advertisements and blogs, or even writing malicious

React to this headline:

2024 cybersecurity predictions: GenAI edition Read More »

Google ads for KeePass, Notepad++ lead to malware

consumer, Don't miss, enterprise, Google Search, Hot stuff, KeePass, malvertising, Malware, Malwarebytes, News, search engine, SMBs / SecurityTicks

Google ads for KeePass, Notepad++ lead to malware 19/10/2023 at 12:16 By Zeljka Zorz Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malvertising via search engine ads is a constant,

React to this headline:

Google ads for KeePass, Notepad++ lead to malware Read More »

The must-knows about low-code/no-code platforms

Artificial Intelligence, automation, cybersecurity, DevSecOps, Digital.ai, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion / SecurityTicks

The must-knows about low-code/no-code platforms 19/10/2023 at 08:03 By Help Net Security The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have the option to listen to playlists carefully curated to match our taste by

React to this headline:

The must-knows about low-code/no-code platforms Read More »

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks

cybersecurity, data breach, data loss prevention, DNS, Don't miss, Expert analysis, Expert corner, Hot stuff, Kentik, network, News, opinion / SecurityTicks

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks 19/10/2023 at 07:34 By Help Net Security It’s always DNS. That’s what the famous internet meme popular among sysadmins says anyway. It’s funny because while clearly, every network issue doesn’t resolve to some funky DNS issue, too many network admins have banged their

React to this headline:

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks Read More »

Addressing cyber threats in healthcare operational technology

cybersecurity, data security, Don't miss, Entelgy, framework, healthcare, Hot stuff, IoMT, medical devices, regulation, strategy, threats, Video / SecurityTicks

Addressing cyber threats in healthcare operational technology 19/10/2023 at 07:01 By Help Net Security The proliferation of connected medical devices (IoMT) in hospitals demands a holistic approach to cybersecurity beyond just the digital IT realm. Industrial cybersecurity (OT) requires integrated solutions to address its unique challenges. In this Help Net Security video, Estefanía Rojas Campos,

React to this headline:

Addressing cyber threats in healthcare operational technology Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR / SecurityTicks

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

React to this headline:

State-sponsored APTs are leveraging WinRAR bug Read More »

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

0-day, Citrix, Don't miss, exploit, Hot stuff, Mandiant, News, security update / SecurityTicks

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability

React to this headline:

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

Jupyter Notebooks targeted by cryptojackers

AWS, Cado Security, Cloud, cryptojacking, Don't miss, Google Cloud, Hot stuff, Malware, News / SecurityTicks

Jupyter Notebooks targeted by cryptojackers 18/10/2023 at 14:36 By Helga Labus Cryptojackers are targeting exposed Jupyter Notebooks to install cryptominers and steal credential files for popular cloud services, researchers have uncovered. What are Jupyter Notebooks? “Jupyter is a service that allows you to host individual snippets of code and lets others execute this code in

React to this headline:

Jupyter Notebooks targeted by cryptojackers Read More »

The evolution of deception tactics from traditional to cyber warfare

Acalvio, Artificial Intelligence, automation, CISA, cyber resilience, cybersecurity, Cyberwarfare, data, deception, digital transformation, Don't miss, Features, framework, Government, Hot stuff, News, opinion, regulation, strategy, USA / SecurityTicks

The evolution of deception tactics from traditional to cyber warfare 18/10/2023 at 07:33 By Mirko Zorz Admiral James A. Winnefeld, USN (Ret.), is the former vice chairman of the Joint Chiefs of Staff and is an advisor to Acalvio Technologies. In this Help Net Security interview, he compares the strategies of traditional and cyber warfare,

React to this headline:

The evolution of deception tactics from traditional to cyber warfare Read More »

10 essential cybersecurity cheat sheets available for free

cloud security, cybersecurity, Don't miss, guide, Hot stuff, Incident Response, Linux, News, skill development, strategy, tips, Windows / SecurityTicks

10 essential cybersecurity cheat sheets available for free 18/10/2023 at 07:02 By Help Net Security Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download. Whether you’re seeking a quick refresher or a beginner trying to make sense of

React to this headline:

10 essential cybersecurity cheat sheets available for free Read More »

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities

DerSecur, Don't miss, News, Whitepapers and webinars / SecurityTicks

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities 18/10/2023 at 05:47 By Help Net Security In the pursuit of optimized performance, modern compilers employ sophisticated techniques, translating high-level source code into efficient, executable programs. However, this advanced translation sometimes inadvertently weaves vulnerabilities into the fabric of the end product. Unbeknownst to many, these obscure

React to this headline:

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities Read More »

Valve introduces SMS-based confirmation to prevent malicious games on Steam

authentication, Don't miss, ESET, Hot stuff, MFA, News, security update, software development, Steam / SecurityTicks

Valve introduces SMS-based confirmation to prevent malicious games on Steam 17/10/2023 at 16:32 By Helga Labus Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out notices last month to

React to this headline:

Valve introduces SMS-based confirmation to prevent malicious games on Steam Read More »

Researchers warn of increased malware delivery via fake browser updates

consumer, Don't miss, enterprise, Hot stuff, Malware, News, Proofpoint, Sekoia.io, WordPress / SecurityTicks

Researchers warn of increased malware delivery via fake browser updates 17/10/2023 at 13:32 By Zeljka Zorz ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded. About ClearFake ClearFake

React to this headline:

Researchers warn of increased malware delivery via fake browser updates Read More »

How to go from collecting risk data to actually reducing risk?

cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, remediation, Risk Management, Seemplicity, strategy, tips / SecurityTicks

How to go from collecting risk data to actually reducing risk? 17/10/2023 at 08:17 By Help Net Security Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks

React to this headline:

How to go from collecting risk data to actually reducing risk? Read More »

The collaborative power of CISOs, CTOs and CIOs for a secure future

CIO, CISO, Cloud, collaboration, Compliance, cybersecurity, Don't miss, Features, generative AI, Google, Google Cloud, Hot stuff, investment, News, opinion, Risk Management, strategy / SecurityTicks

The collaborative power of CISOs, CTOs and CIOs for a secure future 17/10/2023 at 07:03 By Mirko Zorz In this Help Net Security interview, Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite — particularly the CIO, CTO, and CISO to stay current with

React to this headline:

The collaborative power of CISOs, CTOs and CIOs for a secure future Read More »

Essential cyber hygiene: Making cyber defense cost effective

Center for Internet Security, Don't miss, News / SecurityTicks

Essential cyber hygiene: Making cyber defense cost effective 17/10/2023 at 05:32 By Help Net Security Strengthening your cyber defenses can be a daunting task. Where do you start? Which tools do you use? How much will it cost? And, what do you risk losing if you do nothing? It’s not always easy to answer these

React to this headline:

Essential cyber hygiene: Making cyber defense cost effective Read More »

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

0-day, attack, Cisco, Don't miss, Hot stuff, News / SecurityTicks

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198) 16/10/2023 at 22:33 By Zeljka Zorz A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About CVE-2023-20198

React to this headline:

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198) Read More »

Compromised Skype accounts deliver DarkGate malware to employees

account hijacking, Don't miss, enterprise, Hot stuff, Malware, Microsoft Teams, News, Skype, Trend Micro / SecurityTicks

Compromised Skype accounts deliver DarkGate malware to employees 16/10/2023 at 16:46 By Helga Labus A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the

React to this headline:

Compromised Skype accounts deliver DarkGate malware to employees Read More »

Microsoft announces AI bug bounty program

Artificial Intelligence, Bing, bug bounty, Don't miss, Hot stuff, Microsoft, News / SecurityTicks

Microsoft announces AI bug bounty program 16/10/2023 at 15:18 By Zeljka Zorz Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”. “The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including

React to this headline:

Microsoft announces AI bug bounty program Read More »

Don’t miss