Could APIs be the undoing of AI? 2024-09-30 at 08:01 By Help Net Security Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat […]
Could APIs be the undoing of AI? Read More »
SCCMSecrets: Open-source SCCM policies exploitation tool 2024-09-30 at 07:31 By Help Net Security SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these
SCCMSecrets: Open-source SCCM policies exploitation tool Read More »
Open source maintainers: Key to software health and security 2024-09-30 at 07:01 By Help Net Security Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer,
Open source maintainers: Key to software health and security Read More »
Businesses turn to private AI for enhanced security and data management 2024-09-30 at 06:31 By Mirko Zorz In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security. He explains how it helps organizations maintain control over sensitive information while addressing the complexities
Businesses turn to private AI for enhanced security and data management Read More »
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE 2024-09-27 at 13:31 By Zeljka Zorz After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE Read More »
3 tips for securing IoT devices in a connected world 2024-09-27 at 08:01 By Help Net Security IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present
3 tips for securing IoT devices in a connected world Read More »
Tosint: Open-source Telegram OSINT tool 2024-09-27 at 07:31 By Mirko Zorz Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal
Tosint: Open-source Telegram OSINT tool Read More »
Developing an effective cyberwarfare response plan 2024-09-27 at 07:01 By Mirko Zorz In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How has adopting AI
Developing an effective cyberwarfare response plan Read More »
Active Directory compromise: Cybersecurity agencies provde guidance 2024-09-26 at 17:31 By Zeljka Zorz Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due to its
Active Directory compromise: Cybersecurity agencies provde guidance Read More »
The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number
The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »
New MIT protocol protects sensitive data during cloud-based computation 2024-09-26 at 12:02 By Help Net Security Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare.
New MIT protocol protects sensitive data during cloud-based computation Read More »
AI use: 3 essential questions every CISO must ask 2024-09-26 at 07:32 By Help Net Security In July, Wall Street experienced its worst day since 2022, with the tech-focused Nasdaq falling by 3.6%. The downturn was largely triggered by what commentators suggest is the result of underwhelming earnings from some major tech companies. What’s notable
AI use: 3 essential questions every CISO must ask Read More »
Compliance management strategies for protecting data in complex regulatory environments 2024-09-26 at 07:02 By Mirko Zorz In this Help Net Security interview, Andrius Buinovskis, Head of Product at NordLayer, discusses how organizations can assess their compliance management and ensure they meet regulatory requirements. Buinovskis also addresses the challenges of managing multiple frameworks and offers strategies
Compliance management strategies for protecting data in complex regulatory environments Read More »
Rethinking privacy: A tech expert’s perspective 2024-09-26 at 06:33 By Help Net Security Data privacy has become one of the most pressing challenges of our time, but it didn’t happen overnight. The proliferation of data collection, coupled with the rise of advanced technologies like artificial intelligence and machine learning, has made it easier to piece
Rethinking privacy: A tech expert’s perspective Read More »
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) 2024-09-25 at 12:46 By Zeljka Zorz CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) Read More »
NetAlertX: Open-source Wi-Fi intruder detector 2024-09-25 at 08:01 By Mirko Zorz NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access. “NetAlertX comes with a range of
NetAlertX: Open-source Wi-Fi intruder detector Read More »
Securing non-human identities: Why fragmented strategies fail 2024-09-25 at 07:31 By Mirko Zorz In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure these digital entities
Securing non-human identities: Why fragmented strategies fail Read More »
Cybersecurity jobs available right now: September 25, 2024 2024-09-25 at 07:02 By Anamarija Pogorelec CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy to
Cybersecurity jobs available right now: September 25, 2024 Read More »
Transportation, logistics companies targeted with lures impersonating fleet management software 2024-09-24 at 17:46 By Zeljka Zorz Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising