Hot stuff - Security Ticks

OpenCTI: Open-source cyber threat intelligence platform

Don't miss, Filigran, GitHub, Hot stuff, News, open source, software, Threat Intelligence / SecurityTicks

OpenCTI: Open-source cyber threat intelligence platform 2024-08-21 at 07:31 By Help Net Security OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables. The platform structures its data using a knowledge schema built on the STIX2 standards. It features a modern web application architecture with a GraphQL […]

React to this headline:

OpenCTI: Open-source cyber threat intelligence platform Read More »

Cybersecurity jobs available right now: August 21, 2024

cybersecurity jobs, Don't miss, Hot stuff, News / SecurityTicks

Cybersecurity jobs available right now: August 21, 2024 2024-08-21 at 07:01 By Help Net Security Associate Cybersecurity Operations Officer UNICC | USA | On-site – View job details The Center aims to provide trusted ICT services and digital business solutions. You will work under the direct supervision and guidance of the Head of Cybersecurity Operations

React to this headline:

Cybersecurity jobs available right now: August 21, 2024 Read More »

Food security: Accelerating national protections around critical infrastructure

CISO, critical infrastructure, cybersecurity, Hot stuff, News, strategy, tips, USA, Video / SecurityTicks

Food security: Accelerating national protections around critical infrastructure 2024-08-21 at 06:31 By Help Net Security In this Help Net Security video, Mike Lexa, CISO and Global VP of IT Infrastructure and Operations at CNH, discusses how the federal government is taking food security more seriously and what steps must be taken to prioritize security measures.

React to this headline:

Food security: Accelerating national protections around critical infrastructure Read More »

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day, APT, Don't miss, drivers, Hot stuff, News, North Korea, rootkits, vulnerability / SecurityTicks

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

React to this headline:

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) Read More »

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

apple, Cisco, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, vulnerability / SecurityTicks

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera 2024-08-20 at 13:46 By Zeljka Zorz Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft

React to this headline:

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera Read More »

Strategies for security leaders: Building a positive cybersecurity culture

CISO, communication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Information Security Forum, News, opinion, security culture, strategy / SecurityTicks

Strategies for security leaders: Building a positive cybersecurity culture 2024-08-20 at 07:32 By Help Net Security Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security

React to this headline:

Strategies for security leaders: Building a positive cybersecurity culture Read More »

AI for application security: Balancing automation with human oversight

AlgoSec, Application Security, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, tips / SecurityTicks

AI for application security: Balancing automation with human oversight 2024-08-20 at 07:01 By Mirko Zorz In this Help Net Security interview, Kyle Wickert, Worldwide Strategic Architect at AlgoSec, discusses the role of AI in application security, exploring how it’s transforming threat detection and response. Wickert talks about integrating security testing throughout the development lifecycle, the

React to this headline:

AI for application security: Balancing automation with human oversight Read More »

Stolen, locked payment cards can be used with digital wallet apps

apple, Banks, digital wallet, Don't miss, financial industry, fraud, Google, Hot stuff, mobile payment, News, online payment, PayPal, research, vulnerability / SecurityTicks

Stolen, locked payment cards can be used with digital wallet apps 2024-08-19 at 21:32 By Zeljka Zorz Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University

React to this headline:

Stolen, locked payment cards can be used with digital wallet apps Read More »

Mandatory MFA for Azure sign-ins is coming

account protection, Don't miss, Hot stuff, MFA, Microsoft Azure, News / SecurityTicks

Mandatory MFA for Azure sign-ins is coming 2024-08-19 at 12:31 By Zeljka Zorz Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. Preparing for mandatory MFA for Azure The plan is for the shift to happen in two phases: October 2024: MFA will

React to this headline:

Mandatory MFA for Azure sign-ins is coming Read More »

To improve your cybersecurity posture, focus on the data

Comcast, cybersecurity, data analysis, data security, Don't miss, enterprise, Expert analysis, Expert corner, Hot stuff, News, opinion / SecurityTicks

To improve your cybersecurity posture, focus on the data 2024-08-19 at 07:31 By Help Net Security Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists,

React to this headline:

To improve your cybersecurity posture, focus on the data Read More »

Protecting academic assets: How higher education can enhance cybersecurity

CISO, cybersecurity, Don't miss, education, Hot stuff, News, strategy, tips, Video / SecurityTicks

Protecting academic assets: How higher education can enhance cybersecurity 2024-08-19 at 06:31 By Help Net Security Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally identifiable information).

React to this headline:

Protecting academic assets: How higher education can enhance cybersecurity Read More »

Tech support scammers impersonate Google via malicious search ads

Don't miss, Google, Hot stuff, malvertising, Malwarebytes, News, tech support scam / SecurityTicks

Tech support scammers impersonate Google via malicious search ads 2024-08-16 at 14:01 By Zeljka Zorz Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources used from start

React to this headline:

Tech support scammers impersonate Google via malicious search ads Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Artificial Intelligence, conferences, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Microsoft, News, opinion, Privacy, SANS, Signal, software development, SonicWall, supply chain attacks / SecurityTicks

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

React to this headline:

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Authentik: Open-source identity provider

authentication, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Authentik: Open-source identity provider 2024-08-16 at 07:01 By Mirko Zorz Authentik is an open-source identity provider designed for maximum flexibility and adaptability. It easily integrates into existing environments and supports new protocols. It’s a comprehensive solution for implementing features like sign-up, account recovery, and more in your application, eliminating the need to manage these tasks

React to this headline:

Authentik: Open-source identity provider Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

AWS, cloud security, credentials, data theft, Don't miss, extortion, Hot stuff, misconfiguration, News, Palo Alto Networks / SecurityTicks

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

React to this headline:

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

CVE, Don't miss, enterprise, Hot stuff, Java, MSP, News, SMBs, vulnerability / SecurityTicks

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

React to this headline:

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

How passkeys eliminate password management headaches

authentication, cybersecurity, Don't miss, Features, Hot stuff, Industry news, opinion, passwords, rf IDEAS, SSO, standards / SecurityTicks

How passkeys eliminate password management headaches 2024-08-15 at 07:01 By Mirko Zorz In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham addresses the misconceptions surrounding the adoption of passkeys, particularly in the B2B landscape. What are the key benefits that organizations

React to this headline:

How passkeys eliminate password management headaches Read More »

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

Axio, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, law, lawsuit, News, opinion, risk, threats / SecurityTicks

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? 2024-08-14 at 08:01 By Help Net Security In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties

React to this headline:

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? Read More »

IntelOwl: Open-source threat intelligence management

Don't miss, GitHub, Hot stuff, News, open source, software, Threat Intelligence / SecurityTicks

IntelOwl: Open-source threat intelligence management 2024-08-14 at 07:31 By Mirko Zorz IntelOwl is an open-source solution designed for large-scale threat intelligence management. It integrates numerous online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform. “In late 2019, I faced a significant challenge while working as a cybersecurity analyst in a Security

React to this headline:

IntelOwl: Open-source threat intelligence management Read More »

Current attacks, targets, and other threat landscape trends

Cisco, cybersecurity, Don't miss, Hot stuff, Incident Response, News, report, threats, Video / SecurityTicks

Current attacks, targets, and other threat landscape trends 2024-08-14 at 06:31 By Help Net Security In this Help Net Security video, Kendall McKay, Strategic Lead, Cyber Threat Intelligence at Cisco Talos, discusses the trends that Cisco Talos incident response observed in incident response engagements from Q2 2024, which covers April to June. While the attacks

React to this headline:

Current attacks, targets, and other threat landscape trends Read More »