Don't miss - Security Ticks

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

consumer, CVE, Don't miss, enterprise, Hot stuff, Leviathan Security Group, News, Privacy, VPN / SecurityTicks

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same […]

React to this headline:

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) Read More »

Photos: RSA Conference 2024

Cisco, conferences, Delinea, Don't miss, Entrust, GitGuardian, IT-Harvest, NetSPI, News, Sophos, Splunk, Trellix / SecurityTicks

Photos: RSA Conference 2024 2024-05-08 at 14:31 By Help Net Security RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: Sophos, NetSPI, IT-Harvest, Cisco, GitGuardian, Delinea, Splunk, Entrust, and Trellix. The post Photos: RSA

React to this headline:

Photos: RSA Conference 2024 Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell / SecurityTicks

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

MITRE breach details reveal attackers’ successes and failures Read More »

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

backup, CVE, Don't miss, Hot stuff, MSP, News, security update, Veeam Software / SecurityTicks

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) 2024-05-08 at 12:16 By Zeljka Zorz Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to

React to this headline:

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Read More »

The complexities of third-party risk management

cybersecurity, data breach, Don't miss, Hot stuff, Prevalent, Privacy, Risk Management, third party compromise, Video / SecurityTicks

The complexities of third-party risk management 2024-05-08 at 06:31 By Help Net Security In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings from a recent industry study on third-party risk management and what he thinks they mean for cybersecurity professionals and their companies’

React to this headline:

The complexities of third-party risk management Read More »

LockBit leader unmasked: US charges Russian national

Australia, cybercrime, cybercriminals, disruption, DOJ, Don't miss, Europol, Hot stuff, law enforcement, News, Ransomware, UK, USA / SecurityTicks

LockBit leader unmasked: US charges Russian national 2024-05-07 at 18:33 By Zeljka Zorz Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. The US Justice Deparment has unsealed charges against Khoroshev and the US Department of the Treasury’s

React to this headline:

LockBit leader unmasked: US charges Russian national Read More »

Ransomware operations are becoming less profitable

Chainalysis, cybercrime, disruption, Don't miss, Hot stuff, law enforcement, News, Ransomware / SecurityTicks

Ransomware operations are becoming less profitable 2024-05-07 at 14:01 By Zeljka Zorz As the number of real (and fake) victims of ransomware gangs continues to rise, the number of ransomware payments is falling, along with the average ransom payment. The reasons behind this decrease are many: increased cyber resilience of organizations (which includes having recoverable

React to this headline:

Ransomware operations are becoming less profitable Read More »

6 tips to implement security gamification effectively

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, SeeMetrics, tips, training / SecurityTicks

6 tips to implement security gamification effectively 2024-05-07 at 08:01 By Help Net Security There’s not a CISO in the industry who’s not aware of the extremely short median CISO tenure. That’s why the best CISOs are those who constantly seek ways to strengthen their teams. They help members evolve and grow in their roles,

React to this headline:

6 tips to implement security gamification effectively Read More »

Cybercrime stats you can’t ignore

Abnormal Security, Akamai, Cofense, cybercrime, cybersecurity, Don't miss, Egress, GuidePoint Security, Hot stuff, Imperva, Ironscales, News, Osterman Research, ReliaQuest, report, SecurityScorecard, Sophos, SpyCloud, survey, Thales, Trustwave, VIPRE Security, Visa / SecurityTicks

Cybercrime stats you can’t ignore 2024-05-07 at 07:31 By Help Net Security In this article, you will find excerpts from various reports that offer stats and insights about the current cybercrime landscape. Behavioral patterns of ransomware groups are changing GuidePoint Security | GRIT Q1 2024 Ransomware Report | April 2024 Q1 2024 resulted in a

React to this headline:

Cybercrime stats you can’t ignore Read More »

The strategic advantages of targeted threat intelligence

cyberattacks, cybersecurity, Cybersixgill, Don't miss, Hot stuff, Threat Intelligence, threats, Video / SecurityTicks

The strategic advantages of targeted threat intelligence 2024-05-07 at 07:01 By Help Net Security In this Help Net Security video, Gabi Reish, Chief Business Development and Product Officer at Cybersixgill, discusses the role of threat intelligence in every enterprise’s security stack. Threat intelligence plays a significant role in proactively managing a company’s threat exposure. High-quality

React to this headline:

The strategic advantages of targeted threat intelligence Read More »

BlackBasta claims Synlab attack, leaks some stolen documents

Data leak, Don't miss, Europe, Hot stuff, News, Ransomware / SecurityTicks

BlackBasta claims Synlab attack, leaks some stolen documents 2024-05-06 at 14:16 By Zeljka Zorz The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated approximately

React to this headline:

BlackBasta claims Synlab attack, leaks some stolen documents Read More »

Strategies for preventing AI misuse in cybersecurity

analytics, Artificial Intelligence, awareness, cybersecurity, deepfakes, Don't miss, Features, Hot stuff, News, opinion, remediation, risk, SecurityPal, strategy / SecurityTicks

Strategies for preventing AI misuse in cybersecurity 2024-05-06 at 08:01 By Mirko Zorz As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing cybersecurity frameworks. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the integration of

React to this headline:

Strategies for preventing AI misuse in cybersecurity Read More »

How to prepare for the CISSP exam: Tips from industry leaders

certification, CISO, cybersecurity, Don't miss, Features, Hot stuff, how-to, ISC2, News, skill development, strategy, tips / SecurityTicks

How to prepare for the CISSP exam: Tips from industry leaders 2024-05-06 at 07:31 By Mirko Zorz The Certified Information Systems Security Professional (CISSP) is the most widely recognized certification in the information security industry. CISSP certifies that an information security professional possesses extensive technical and managerial expertise for designing, engineering, and managing an organization’s

React to this headline:

How to prepare for the CISSP exam: Tips from industry leaders Read More »

eBook: CISSP fundamentals in focus

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars / SecurityTicks

eBook: CISSP fundamentals in focus 2024-05-06 at 05:31 By Help Net Security From the technical tools that help manage access control to non-technical skills like collaboration, learn about the fundamentals required in cybersecurity – and how CISSP guides you with the knowledge and skills you need to succeed. Inside the eBook: The Many Sides of

React to this headline:

eBook: CISSP fundamentals in focus Read More »

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

Android, bug bounty, Don't miss, Google, Hot stuff, mobile apps, News / SecurityTicks

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 2024-05-03 at 17:16 By Zeljka Zorz Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary

React to this headline:

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps Read More »

Microsoft, Google widen passkey support for its users

account protection, Bitwarden, consumer, Don't miss, enterprise, FIDO Alliance, Google, Hot stuff, Microsoft, News, passwordless, passwords / SecurityTicks

Microsoft, Google widen passkey support for its users 2024-05-03 at 14:46 By Zeljka Zorz Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives. Despite decades of often-repeated statements proclaiming the death of

React to this headline:

Microsoft, Google widen passkey support for its users Read More »

Ransom recovery costs reach $2.73 million

cybercrime, cybersecurity, Don't miss, News, Ransomware, report, Sophos, survey / SecurityTicks

Ransom recovery costs reach $2.73 million 2024-05-03 at 08:01 By Help Net Security Average ransom payment has increased 500% in the last year, according to Sophos. Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the

React to this headline:

Ransom recovery costs reach $2.73 million Read More »

What is cybersecurity mesh architecture (CSMA)?

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Gutsy, Hot stuff, Incident Response, News, opinion, Threat Intelligence / SecurityTicks

What is cybersecurity mesh architecture (CSMA)? 2024-05-03 at 07:01 By Help Net Security Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means designing a security architecture that is composable and scalable with easily extensible interfaces, a common data schema and well-defined interfaces

React to this headline:

What is cybersecurity mesh architecture (CSMA)? Read More »

New SOHO router malware aims for cloud accounts, internal company resources

data collection, Don't miss, Hot stuff, Lumen, Malware, networking, News, router, SMBs, Trend Micro, trojan / SecurityTicks

New SOHO router malware aims for cloud accounts, internal company resources 2024-05-02 at 14:46 By Zeljka Zorz Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket and other cloud-based services. “With the stolen key material, the

React to this headline:

New SOHO router malware aims for cloud accounts, internal company resources Read More »

Dropbox says attackers accessed customer and MFA info, API keys

data breach, digital signature, Don't miss, Dropbox, Hot stuff, News, privileged accounts / SecurityTicks

Dropbox says attackers accessed customer and MFA info, API keys 2024-05-02 at 12:01 By Zeljka Zorz File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we

React to this headline:

Dropbox says attackers accessed customer and MFA info, API keys Read More »

Don’t miss