Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense 2024-09-12 at 07:01 By Mirko Zorz In this Help Net Security, Erica Banks, VP and a leader in Booz Allen’s civilian services business, discusses the Federal Cybersecurity Strategy’s role in safeguarding national assets. Banks outlines key areas for improvement, including funding, talent retention, and […]
Benefits and best practices of leveraging AI for cybersecurity 2024-09-12 at 06:31 By Help Net Security AI has become a key player in protecting valuable organizational insights from threats. Thanks to AI-enabled data protection practices such as behavior monitoring, enterprises no longer have to be reactive to a cyberattack but can be proactive before a
Benefits and best practices of leveraging AI for cybersecurity Read More »
Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support 2024-09-11 at 20:46 By Help Net Security Kali Linux 2024.3 is now available for download. Besides the new tools, this release mainly focuses on behind-the-scenes updates and optimization. New tools in Kali Linux 2024.3 This Kali release is about new tools and package
Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support Read More »
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) 2024-09-11 at 15:02 By Zeljka Zorz Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) Read More »
Cybersecurity is a fundamental component of patient care and safety 2024-09-11 at 08:01 By Help Net Security Healthcare institutions are custodians of vast repositories of sensitive patient data, encompassing comprehensive health histories, insurance profiles, and billing data. The ramifications of a data breach often extend far beyond the immediate task of patching the vulnerabilities and
Cybersecurity is a fundamental component of patient care and safety Read More »
DockerSpy: Search for images on Docker Hub, extract sensitive information 2024-09-11 at 07:31 By Mirko Zorz DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other confidential data. “DockerSpy was created to address the growing concern of sensitive data leaks within Docker images, especially those publicly available on
DockerSpy: Search for images on Docker Hub, extract sensitive information Read More »
How AI and zero trust are transforming resilience strategies 2024-09-11 at 07:01 By Mirko Zorz In this Help Net Security interview, John Hernandez, President and General Manager at Quest Software, shares practical advice for enhancing cybersecurity resilience against advanced threats. He underscores the need to focus on on-premises and cloud environments, adapt to new regulations,
How AI and zero trust are transforming resilience strategies Read More »
Cybersecurity jobs available right now: September 11, 2024 2024-09-11 at 06:31 By Anamarija Pogorelec ACISO HTX | Singapore | Hybrid – View job details As an ACISO, you will formulate Agency ICT security strategy and work plan, alignment to MHA and HTX’s IT & Cybersecurity strategic directions. Evaluate existing IT environment against MHA and HTX’s
Cybersecurity jobs available right now: September 11, 2024 Read More »
eBook: Keep assets secure after cloud migration 2024-09-11 at 06:00 By Help Net Security Organizations sometimes need to plan their cloud migrations with more emphasis on security and compliance. Many, therefore, struggle to keep their data safe after migrating to the cloud. To illustrate, IBM revealed that 82% of data breaches in 2023 involved data
eBook: Keep assets secure after cloud migration Read More »
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) 2024-09-10 at 15:31 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) Read More »
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) 2024-09-10 at 12:02 By Zeljka Zorz Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) Read More »
Tech stack uniformity has become a systemic vulnerability 2024-09-10 at 07:31 By Help Net Security Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a
Tech stack uniformity has become a systemic vulnerability Read More »
How human-led threat hunting complements automation in detecting cyber threats 2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also
How human-led threat hunting complements automation in detecting cyber threats Read More »
33 open-source cybersecurity solutions you didn’t know you needed 2024-09-10 at 06:31 By Help Net Security Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will
33 open-source cybersecurity solutions you didn’t know you needed Read More »
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) 2024-09-09 at 14:46 By Zeljka Zorz CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged for
AI cybersecurity needs to be as multi-layered as the system it’s protecting 2024-09-09 at 08:01 By Help Net Security Cybercriminals are beginning to take advantage of the new malicious options that large language models (LLMs) offer them. LLMs make it possible to upload documents with hidden instructions that are executed by connected system components. This
AI cybersecurity needs to be as multi-layered as the system it’s protecting Read More »
OpenZiti: Secure, open-source networking for your applications 2024-09-09 at 07:33 By Mirko Zorz OpenZiti is a free, open-source project that embeds zero-trust networking principles directly into applications. Example of an OpenZiti overlay network OpenZiti features “We created OpenZiti to transform how people think about connectivity. While OpenZiti is a zero-trust networking platform, you can also
OpenZiti: Secure, open-source networking for your applications Read More »
Best practices for implementing the Principle of Least Privilege 2024-09-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Umaimah Khan, CEO of Opal Security, shares her insights on implementing the Principle of Least Privilege (PoLP). She discusses best practices for effective integration, benefits for operational efficiency and audit readiness, and how to
Best practices for implementing the Principle of Least Privilege Read More »
Phishing in focus: Disinformation, election and identity fraud 2024-09-09 at 06:34 By Help Net Security The frequency of phishing attacks is rising as attackers increasingly utilize AI to execute more scams than ever before. In this Help Net Security video, Abhilash Garimella, Head Of Research at Bolster, discusses how phishing scams are now being hosted
Phishing in focus: Disinformation, election and identity fraud Read More »