Hot stuff - Security Ticks

Why cybersecurity is critical to energy modernization

cybersecurity, Don't miss, ENCS, energy sector, Features, Hot stuff, IoT, News, opinion, regulation, standards / SecurityTicks

Why cybersecurity is critical to energy modernization 2024-12-20 at 07:53 By Mirko Zorz In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration, […]

React to this headline:

Why cybersecurity is critical to energy modernization Read More »

Cryptocurrency hackers stole $2.2 billion from platforms in 2024

Bitcoin, Chainalysis, Cryptocurrency, Don't miss, hacking, Hot stuff, News, North Korea / SecurityTicks

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 2024-12-19 at 17:18 By Zeljka Zorz $2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum, $1.34 billion was stolen by North Korea-affiliated hackers, across 47 hacking incidents (out of 303). Most targeted organizations

React to this headline:

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 Read More »

CISA orders federal agencies to secure their Microsoft cloud environments

CISA, cloud security, Don't miss, Government, Hot stuff, Microsoft 365, News, Sectigo / SecurityTicks

CISA orders federal agencies to secure their Microsoft cloud environments 2024-12-19 at 15:04 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. About the CISA BOD 25-01 directive The Implementing Secure Practices for Cloud Services

React to this headline:

CISA orders federal agencies to secure their Microsoft cloud environments Read More »

Are threat feeds masking your biggest security blind spot?

attacks, C/side, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion, threats / SecurityTicks

Are threat feeds masking your biggest security blind spot? 2024-12-19 at 07:33 By Help Net Security Security teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and prevent attacks from those sources. The post Are threat feeds masking your biggest security blind

React to this headline:

Are threat feeds masking your biggest security blind spot? Read More »

Leadership skills for managing cybersecurity during digital transformation

cybersecurity, digital transformation, Don't miss, Features, Hot stuff, News, opinion, Presidio, risk / SecurityTicks

Leadership skills for managing cybersecurity during digital transformation 2024-12-19 at 07:03 By Mirko Zorz In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation. The post Leadership skills for managing

React to this headline:

Leadership skills for managing cybersecurity during digital transformation Read More »

European companies hit with effective DocuSign-themed phishing emails

account hijacking, Don't miss, Europe, Germany, Hot stuff, Microsoft 365, Microsoft Azure, News, phishing, UK / SecurityTicks

European companies hit with effective DocuSign-themed phishing emails 2024-12-18 at 14:07 By Zeljka Zorz A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different firms, according to Palo Alto Networks’ Unit 42 researchers. The phishing campaign The attack started earlier this

React to this headline:

European companies hit with effective DocuSign-themed phishing emails Read More »

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

BeyondTrust, CVE, Don't miss, enterprise, Hot stuff, News, remote access, vulnerability / SecurityTicks

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) 2024-12-18 at 11:48 By Zeljka Zorz BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement

React to this headline:

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) Read More »

CISO accountability: Navigating a landscape of responsibility

CISO, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetSPI, News, opinion / SecurityTicks

CISO accountability: Navigating a landscape of responsibility 2024-12-18 at 07:36 By Help Net Security What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible for

React to this headline:

CISO accountability: Navigating a landscape of responsibility Read More »

Key steps to scaling automated compliance while maintaining security

Artificial Intelligence, automation, Compliance, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Meta, News, opinion, Risk Management, strategy / SecurityTicks

Key steps to scaling automated compliance while maintaining security 2024-12-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and

React to this headline:

Key steps to scaling automated compliance while maintaining security Read More »

Vanir: Open-source security patch validation for Android

Android, Don't miss, GitHub, Google, Hot stuff, News, open source, patch, software / SecurityTicks

Vanir: Open-source security patch validation for Android 2024-12-18 at 06:34 By Help Net Security Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem. Vanir uses source-code-based

React to this headline:

Vanir: Open-source security patch validation for Android Read More »

Researchers reveal OT-specific malware in use and in development

Claroty, Don't miss, Forescout, Hot stuff, IIoT, IoT, Malware, malware analysis, News, OT, VirusTotal / SecurityTicks

Researchers reveal OT-specific malware in use and in development 2024-12-17 at 16:43 By Zeljka Zorz Malware that’s made specifically to target industrial control systems (ICS), Internet of Things (IoT) and operational technology (OT) control devices is still rare, but in the last few weeks security researchers have identified two salient threats based on samples uploaded

React to this headline:

Researchers reveal OT-specific malware in use and in development Read More »

Malvertising on steroids serves Lumma infostealer

Don't miss, Guardio, Hot stuff, Infoblox, malvertising, Malware, News / SecurityTicks

Malvertising on steroids serves Lumma infostealer 2024-12-17 at 14:30 By Zeljka Zorz A large-scale malvertising campaign distributing the Lumma infostealer malware via intrusive “ads” leading to fake CAPTCHA pages has been tied by researchers to a threat actor abusing the Monetag ad network. The campaign from the users’ perspective Internet users usually land on one

React to this headline:

Malvertising on steroids serves Lumma infostealer Read More »

The shifting security landscape: 2025 predictions and challenges

Artificial Intelligence, Blancco Technology Group, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, predictions, quantum computing / SecurityTicks

The shifting security landscape: 2025 predictions and challenges 2024-12-17 at 07:33 By Help Net Security As the borderless threat ecosystem poses new challenges for companies and governments worldwide, CISA’s 2025-2026 International Plan aims to address this problem. CISA’s plan calls for integrated cyber defense across borders, addressing the complex, global cybersecurity challenges that businesses, governments

React to this headline:

The shifting security landscape: 2025 predictions and challenges Read More »

Balancing security and user experience to improve fraud prevention strategies

account protection, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, J.D. Power, News, opinion / SecurityTicks

Balancing security and user experience to improve fraud prevention strategies 2024-12-17 at 07:03 By Mirko Zorz In this Help Net Security interview, Jennifer White, Senior Director for Banking and Payments Intelligence at J.D. Power, discusses how financial institutions can improve customer satisfaction during fraud resolution, covering proactive fraud prevention, clear communication, and empathetic issue resolution.

React to this headline:

Balancing security and user experience to improve fraud prevention strategies Read More »

Serbian government used Cellebrite to unlock phones, install spyware

0-day, Amnesty International, Android, Cellebrite, digital forensics, Don't miss, Google, Hot stuff, law enforcement, News, Privacy, Qualcomm, spyware / SecurityTicks

Serbian government used Cellebrite to unlock phones, install spyware 2024-12-16 at 20:19 By Zeljka Zorz Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown Android spyware called NoviSpy, a new Amnesty International report claims. The unlocking was made possible through exploitation of a zero-day

React to this headline:

Serbian government used Cellebrite to unlock phones, install spyware Read More »

MUT-1244 targeting security researchers, red teamers, and threat actors

Checkmarx, cryptojacking, data theft, Datadog, Don't miss, GitHub, Hot stuff, News, phishing, WordPress / SecurityTicks

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has

React to this headline:

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Evasive Node.js loader masquerading as game hack

Don't miss, Hot stuff, Malware, malware detection, News, online gaming, Zscaler / SecurityTicks

Evasive Node.js loader masquerading as game hack 2024-12-16 at 15:03 By Zeljka Zorz Malware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. The malicious links in YouTube comments (Source: Zscaler ThreatLabz) Attackers leveraging the Node.js loader In this latest malware delivery campaign, the

React to this headline:

Evasive Node.js loader masquerading as game hack Read More »

With DORA approaching, financial institutions must strengthen their cyber resilience

AttackIQ, Compliance, cyber resilience, cybersecurity, Don't miss, EU, Expert analysis, Expert corner, financial industry, Hot stuff, News, opinion, regulation, Risk Management / SecurityTicks

With DORA approaching, financial institutions must strengthen their cyber resilience 2024-12-16 at 07:33 By Help Net Security The clock is ticking for financial institutions across the EU as the January 17, 2025, deadline for the Digital Operational Resilience Act (DORA) approaches. This regulation will reshape how organizations in the financial sector approach cybersecurity and operational

React to this headline:

With DORA approaching, financial institutions must strengthen their cyber resilience Read More »

How companies can address bias and privacy challenges in AI models

Artificial Intelligence, cybersecurity, Don't miss, Features, Holistic AI, Hot stuff, News, opinion, strategy / SecurityTicks

How companies can address bias and privacy challenges in AI models 2024-12-16 at 07:03 By Mirko Zorz In this Help Net Security interview, Emre Kazim, Co-CEO of Holistic AI, discusses the need for companies to integrate responsible AI practices into their business strategies from the start. He explores how addressing issues like bias, privacy, and

React to this headline:

How companies can address bias and privacy challenges in AI models Read More »

Tackling software vulnerabilities with smarter developer strategies

Application Security, code, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, opinion, software, web application security / SecurityTicks

Tackling software vulnerabilities with smarter developer strategies 2024-12-13 at 07:03 By Mirko Zorz In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support secure coding practices, and the role of languages

React to this headline:

Tackling software vulnerabilities with smarter developer strategies Read More »