Don’t miss

Web-based PLC malware: A new potential threat to critical infrastructure

Don't miss, Hot stuff, ICS/SCADA, Malware, News, PLC, research, web application security /

Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets […]

React to this headline:

Loading spinner

Web-based PLC malware: A new potential threat to critical infrastructure Read More »

Today’s biggest AI security challenges

Artificial Intelligence, cybersecurity, Don't miss, HiddenLayer, News, report, survey /

Today’s biggest AI security challenges 2024-03-07 at 08:23 By Help Net Security 98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year, according to HiddenLayer. The report surveyed 150 IT security and data science leaders to shed

React to this headline:

Loading spinner

Today’s biggest AI security challenges Read More »

Major shifts in identity, ransomware, and critical infrastructure threat trends

critical infrastructure, cybersecurity, Don't miss, Hot stuff, IBM X-Force, identity, Ransomware, threat, Video /

Major shifts in identity, ransomware, and critical infrastructure threat trends 2024-03-07 at 07:20 By Help Net Security In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how

React to this headline:

Loading spinner

Major shifts in identity, ransomware, and critical infrastructure threat trends Read More »

A cybercriminal is sentenced, will it make a difference?

Cynet, Don't miss, Hot stuff, News /

A cybercriminal is sentenced, will it make a difference? 2024-03-07 at 06:03 By Help Net Security The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The

React to this headline:

Loading spinner

A cybercriminal is sentenced, will it make a difference? Read More »

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update /

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) 2024-03-06 at 11:45 By Zeljka Zorz Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for

React to this headline:

Loading spinner

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) Read More »

5 ways to keep API integrations secure

API security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Merge, News, opinion, SIEM, software, update /

5 ways to keep API integrations secure 2024-03-06 at 08:20 By Help Net Security API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security measures.

React to this headline:

Loading spinner

5 ways to keep API integrations secure Read More »

RiskInDroid: Open-source risk analysis of Android apps

Android, code analysis, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s

React to this headline:

Loading spinner

RiskInDroid: Open-source risk analysis of Android apps Read More »

Navigating regulation challenges for protecting sensitive healthcare data

ClearDATA, cybersecurity, data, Data Protection, Don't miss, healthcare, Hot stuff, Privacy, regulation, Video /

Navigating regulation challenges for protecting sensitive healthcare data 2024-03-06 at 07:10 By Help Net Security In this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users. As more and more Americans flock to direct-to-consumer digital health apps and resources, most people don’t

React to this headline:

Loading spinner

Navigating regulation challenges for protecting sensitive healthcare data Read More »

How to create an efficient governance control program

Center for Internet Security, CISO, Don't miss, Hot stuff, how-to, News, strategy, tips /

How to create an efficient governance control program 2024-03-06 at 06:31 By Help Net Security Your success as an organization, especially in the cyber realm, depends on your security posture. To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help

React to this headline:

Loading spinner

How to create an efficient governance control program Read More »

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

authentication, Don't miss, Hot stuff, initial access broker, News, phishing, Proofpoint, Varonis, Windows /

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain

React to this headline:

Loading spinner

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »

Why cyber maturity assessment should become standard practice

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Prism Infosec, risk, risk assessment, security controls /

Why cyber maturity assessment should become standard practice 2024-03-05 at 08:05 By Help Net Security Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to

React to this headline:

Loading spinner

Why cyber maturity assessment should become standard practice Read More »

3 free data protection regulation courses you can take right now

Data Protection, Don't miss, EU, GDPR, Government, Hot stuff, News, regulation, skill development /

3 free data protection regulation courses you can take right now 2024-03-05 at 07:31 By Help Net Security Increasingly, information about us, and even by us, is being processed. Even mundane or insignificant details can be combined and linked with other data in a manner that may intrude upon or pose a risk to our

React to this headline:

Loading spinner

3 free data protection regulation courses you can take right now Read More »

Secure your hybrid workforce: The advantages of encrypted storage

Compliance, cybersecurity, data security, Don't miss, Encryption, Hot stuff, hybrid workforce, Kingston Digital, regulation, storage, Video /

Secure your hybrid workforce: The advantages of encrypted storage 2024-03-05 at 07:02 By Help Net Security In this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces. He talks about the differences between software and hardware encryption, why it’s important,

React to this headline:

Loading spinner

Secure your hybrid workforce: The advantages of encrypted storage Read More »

What organizations need to know about the Digital Operational Resilience Act (DORA)

auditing, Compliance, cybersecurity, Don't miss, EU, Features, Hot stuff, Kyndryl, News, opinion, penetration testing, regulation, resilience, Risk Management /

What organizations need to know about the Digital Operational Resilience Act (DORA) 2024-03-05 at 06:31 By Mirko Zorz In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity.

React to this headline:

Loading spinner

What organizations need to know about the Digital Operational Resilience Act (DORA) Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

GitHub push protection now on by default for public repositories

Data leak, Don't miss, GitHub, Hot stuff, News, open source /

GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret

React to this headline:

Loading spinner

GitHub push protection now on by default for public repositories Read More »

Phishers target FCC, crypto holders via fake Okta SSO pages

Cryptocurrency, Don't miss, fcc, Hot stuff, Lookout, News, Okta, phishing, SSO /

Phishers target FCC, crypto holders via fake Okta SSO pages 2024-03-04 at 14:46 By Helga Labus A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be

React to this headline:

Loading spinner

Phishers target FCC, crypto holders via fake Okta SSO pages Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

React to this headline:

Loading spinner

Securing software repositories leads to better OSS security Read More »

PyRIT: Open-source framework to find risks in generative AI systems

Adversa AI, AppOmni, Artificial Intelligence, cybersecurity, Don't miss, generative AI, Hot stuff, Microsoft, News, open source, Python, red team, software /

PyRIT: Open-source framework to find risks in generative AI systems 2024-03-04 at 08:02 By Mirko Zorz Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection

React to this headline:

Loading spinner

PyRIT: Open-source framework to find risks in generative AI systems Read More »

Integrating software supply chain security in DevSecOps CI/CD pipelines

cybersecurity, DevSecOps, Don't miss, Endor Labs, framework, guidelines, Hot stuff, NIST, supply chain, Video /

Integrating software supply chain security in DevSecOps CI/CD pipelines 2024-03-04 at 07:01 By Help Net Security NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to

React to this headline:

Loading spinner

Integrating software supply chain security in DevSecOps CI/CD pipelines Read More »

Scroll to Top