Hot stuff

GhostStrike: Open-source tool for ethical hacking

2024-10-17 at 07:31 | By Mirko Zorz

GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop […]

How NIS2 will impact sectors from healthcare to energy

2024-10-17 at 07:02 | By Mirko Zorz

In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect

AI data collection under fire

2024-10-17 at 06:32 | By Help Net Security

A recent Cohesity report found that consumers are highly concerned about the information companies collect from them – especially when it’s used for artificial intelligence – with consumers prepared to punish companies by switching providers for any loss of trust. In this Help

Defenders must adapt to shrinking exploitation timelines

2024-10-16 at 15:16 | By Zeljka Zorz

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 and 2022. One reason for this is the fact that,

Resilience over reliance: Preparing for IT failures in an unpredictable digital world

2024-10-16 at 07:31 | By Help Net Security

No IT system – no matter how advanced – is completely immune to failure. The promise of a digital ring of steel may sound attractive, but can it protect you against hardware malfunctions? Software bugs? Unexpected

Strengthening Kubernetes security posture with these essential steps

2024-10-16 at 07:01 | By Mirko Zorz

In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container images.

Attackers deploying red teaming tool for EDR evasion

2024-10-15 at 17:16 | By Zeljka Zorz

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed.

About EDRSilencer

The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by leveraging

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

2024-10-15 at 14:49 | By Zeljka Zorz

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

The NHI management challenge: When employees leave

2024-10-15 at 08:01 | By Help Net Security

An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the credentials

How nation-states exploit political instability to launch cyber operations

2024-10-15 at 07:37 | By Mirko Zorz

In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest

The dark side of API security

2024-10-15 at 07:02 | By Help Net Security

APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security. A recent

The quantum dilemma: Game-changer or game-ender

2024-10-14 at 08:18 | By Help Net Security

If someone told you five years ago that you could pose questions to an AI agent about the most vexing issues in science and it could answer back swiftly and meaningfully, you would’ve thought they were joking. But AI has ushered in

CISOs’ strategies for managing a growing attack surface

2024-10-14 at 07:03 | By Mirko Zorz

In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance in

EU adopts Cyber Resilience Act to secure connected products

2024-10-11 at 14:17 | By Zeljka Zorz

The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use.

CRA requirements

The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that are

DORA regulation’s nuts and bolts

2024-10-11 at 08:02 | By Help Net Security

The frequency, sophistication, and impact of cyber-attacks on financial institutions have been rising. Given the economic system’s interconnected nature, disruptions in one institution can have cascading effects on the broader financial market, leading to systemic risks. Regulators have responded with increasingly stringent requirements.

Unlocking the power of cryptographic agility in a quantum world

2024-10-11 at 07:31 | By Mirko Zorz

In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing. Cryptographic agility enables organizations to seamlessly transition to post-quantum algorithms without disrupting

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

2024-10-10 at 15:31 | By Zeljka Zorz

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild.

About CVE-2024-9680

Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

2024-10-10 at 12:46 | By Zeljka Zorz

The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began

Widening talent pool in cyber with on-demand contractors

2024-10-10 at 08:01 | By Help Net Security

Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make

Investing in Privacy by Design for long-term compliance

2024-10-10 at 07:31 | By Mirko Zorz

In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures
