Hot stuff - Security Ticks

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

access point, Cisco, CVE, Don't miss, energy sector, Hot stuff, manufacturing sector, maritime industry, News, vulnerability / SecurityTicks

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) 2024-11-07 at 11:33 By Zeljka Zorz Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this […]

React to this headline:

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) Read More »

How AI will shape the next generation of cyber threats

API security, Artificial Intelligence, attacks, Compliance, cybercriminals, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Prismatic, regulation, strategy / SecurityTicks

How AI will shape the next generation of cyber threats 2024-11-07 at 08:08 By Mirko Zorz In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses

React to this headline:

How AI will shape the next generation of cyber threats Read More »

AWS security essentials for managing compliance, data protection, and threat detection

AWS, cloud security, Don't miss, Hot stuff, monitoring, News, strategy, threat monitoring, tips / SecurityTicks

AWS security essentials for managing compliance, data protection, and threat detection 2024-11-07 at 07:03 By Help Net Security AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool

React to this headline:

AWS security essentials for managing compliance, data protection, and threat detection Read More »

Consumer privacy risks of data aggregation: What should organizations do?

cybersecurity, Data Protection, Don't miss, Expert analysis, Expert corner, Hot stuff, LOKKER, News, opinion, Privacy, regulation, risk / SecurityTicks

Consumer privacy risks of data aggregation: What should organizations do? 2024-11-07 at 06:48 By Help Net Security In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings

React to this headline:

Consumer privacy risks of data aggregation: What should organizations do? Read More »

All Google Cloud users will have to enable MFA by 2025

account protection, cloud security, Don't miss, Google Cloud, Hot stuff, MFA, News / SecurityTicks

All Google Cloud users will have to enable MFA by 2025 2024-11-06 at 17:07 By Zeljka Zorz Google has announced that, by the end of 2025, multi-factor authentication (MFA) – aka 2-step verification – will become mandatory for all Google Cloud accounts. “Given the sensitive nature of cloud deployments — and with phishing and stolen

React to this headline:

All Google Cloud users will have to enable MFA by 2025 Read More »

GoZone ransomware accuses and threatens victims

Don't miss, Elastio, Hot stuff, News, Ransomware, SonicWall, Windows / SecurityTicks

GoZone ransomware accuses and threatens victims 2024-11-06 at 13:06 By Zeljka Zorz A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source: SonicWall) The ransom

React to this headline:

GoZone ransomware accuses and threatens victims Read More »

The cybersecurity gender gap: How diverse teams improve threat response

cybersecurity, Don't miss, education, Features, Hot stuff, LinkedIn, News, opinion, skill development, training / SecurityTicks

The cybersecurity gender gap: How diverse teams improve threat response 2024-11-06 at 07:33 By Mirko Zorz In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams

React to this headline:

The cybersecurity gender gap: How diverse teams improve threat response Read More »

Osmedeus: Open-source workflow engine for offensive security

Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Osmedeus: Open-source workflow engine for offensive security 2024-11-06 at 07:03 By Help Net Security Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize your

React to this headline:

Osmedeus: Open-source workflow engine for offensive security Read More »

Key cybersecurity predictions for 2025

cyberattacks, cybersecurity, Don't miss, FIRST, Hot stuff, predictions, threats, Video / SecurityTicks

Key cybersecurity predictions for 2025 2024-11-06 at 06:33 By Help Net Security In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025. The post Key cybersecurity predictions for 2025 appeared first on Help

React to this headline:

Key cybersecurity predictions for 2025 Read More »

Beware of phishing emails delivering backdoored Linux VMs!

backdoor, Don't miss, Hot stuff, Linux, News, phishing, Securonix, virtualization / SecurityTicks

Beware of phishing emails delivering backdoored Linux VMs! 2024-11-05 at 16:05 By Zeljka Zorz Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to

React to this headline:

Beware of phishing emails delivering backdoored Linux VMs! Read More »

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Android, CVE, Don't miss, Hot stuff, News, Samsung, security update, smartphones, vulnerability / SecurityTicks

Google patches actively exploited Android vulnerability (CVE-2024-43093) 2024-11-05 at 13:34 By Zeljka Zorz Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a

React to this headline:

Google patches actively exploited Android vulnerability (CVE-2024-43093) Read More »

Open-source software: A first attempt at organization after CRA

cybersecurity, Don't miss, EU, Expert analysis, Expert corner, Hot stuff, News, open source, opinion, regulation, The Document Foundation / SecurityTicks

Open-source software: A first attempt at organization after CRA 2024-11-05 at 08:03 By Help Net Security The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized

React to this headline:

Open-source software: A first attempt at organization after CRA Read More »

Maximizing security visibility on a budget

Artificial Intelligence, Cloud, Compliance, cybersecurity, Don't miss, Features, Forescout, Hot stuff, IoT, IT assets, network, News, opinion, security controls, zero trust / SecurityTicks

Maximizing security visibility on a budget 2024-11-05 at 07:03 By Mirko Zorz In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also

React to this headline:

Maximizing security visibility on a budget Read More »

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

CVE, Don't miss, Hot stuff, Midnight Blue, NAS, News, security update, Synology, vulnerability / SecurityTicks

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) 2024-11-04 at 16:04 By Zeljka Zorz Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at

React to this headline:

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Read More »

Hiring guide: Key skills for cybersecurity researchers

cybersecurity, cybersecurity jobs, Don't miss, Features, Hot stuff, News, professional, skill development, strategy, tips / SecurityTicks

Hiring guide: Key skills for cybersecurity researchers 2024-11-04 at 07:33 By Mirko Zorz In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers,

React to this headline:

Hiring guide: Key skills for cybersecurity researchers Read More »

Whispr: Open-source multi-vault secret injection tool

AWS, Azure, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe

React to this headline:

Whispr: Open-source multi-vault secret injection tool Read More »

Cybersecurity in crisis: Are we ready for what’s coming?

Corpay, cybersecurity, Don't miss, Hot stuff, strategy, Video / SecurityTicks

Cybersecurity in crisis: Are we ready for what’s coming? 2024-11-04 at 06:35 By Help Net Security In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67%

React to this headline:

Cybersecurity in crisis: Are we ready for what’s coming? Read More »

How open-source MDM solutions simplify cross-platform device management

cybersecurity, Don't miss, Features, Fleet, framework, Hot stuff, mobile devices, News, open source, opinion, security standard, strategy / SecurityTicks

How open-source MDM solutions simplify cross-platform device management 2024-11-01 at 07:33 By Mirko Zorz In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how open-source

React to this headline:

How open-source MDM solutions simplify cross-platform device management Read More »

Google on scaling differential privacy across nearly three billion devices

CISO, cybersecurity, Don't miss, Encryption, Features, Google, Hot stuff, how-to, News, opinion, Privacy, strategy, tips / SecurityTicks

Google on scaling differential privacy across nearly three billion devices 2024-10-31 at 15:03 By Mirko Zorz In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products

React to this headline:

Google on scaling differential privacy across nearly three billion devices Read More »

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

Cryptocurrency, cybercrime, Don't miss, Hot stuff, JavaScript, News, supply chain compromise / SecurityTicks

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups 2024-10-31 at 14:38 By Zeljka Zorz A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source:

React to this headline:

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups Read More »