Hot stuff - Security Ticks

Radare: Open-source reverse engineering framework

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Radare: Open-source reverse engineering framework 2024-06-10 at 07:32 By Mirko Zorz Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. It can be scripted, modified, and used for batch analysis. “I started the project in 2006 when I was working as a forensic analyst, and I wrote a simple command-line hexadecimal editor to […]

React to this headline:

Radare: Open-source reverse engineering framework Read More »

Windows Recall will be opt-in and the data more secure, Microsoft says

data security, Don't miss, Encryption, Hot stuff, Microsoft, News, Privacy, Windows / SecurityTicks

Windows Recall will be opt-in and the data more secure, Microsoft says 2024-06-07 at 22:02 By Zeljka Zorz The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature leaves much to be desired, and has announced important changes. About Windows Recall

React to this headline:

Windows Recall will be opt-in and the data more secure, Microsoft says Read More »

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

CVE, Don't miss, enterprise, file-sharing, Hot stuff, News, SolarWinds, vulnerability / SecurityTicks

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) 2024-06-07 at 20:01 By Zeljka Zorz SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used enterprise solution that

React to this headline:

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) Read More »

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft

Adobe, apple, cybersecurity, Don't miss, Hot stuff, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, security update, Windows / SecurityTicks

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft 2024-06-07 at 08:16 By Help Net Security May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day. While individually from each vendor, the updates weren’t that large, managing them together was more challenging. On

React to this headline:

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft Read More »

Unpacking CISA’s AI guidelines

Artificial Intelligence, Axonius, CISA, cybersecurity, Don't miss, Government, guidelines, Hot stuff, policy, Video / SecurityTicks

Unpacking CISA’s AI guidelines 2024-06-07 at 07:01 By Help Net Security CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace. In this Help Net Security video, Tom

React to this headline:

Unpacking CISA’s AI guidelines Read More »

Zyxel patches critical flaws in EOL NAS devices

CVE, Don't miss, Hot stuff, NAS, News, Outpost24, patch, PoC, vulnerability, Zyxel / SecurityTicks

Zyxel patches critical flaws in EOL NAS devices 2024-06-06 at 14:46 By Zeljka Zorz Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow

React to this headline:

Zyxel patches critical flaws in EOL NAS devices Read More »

Sniffnet: Free, open-source network monitoring

cybersecurity, Don't miss, GitHub, Hot stuff, monitoring, network monitoring, networking, News, open source, penetration testing, scanning, software / SecurityTicks

Sniffnet: Free, open-source network monitoring 2024-06-06 at 07:01 By Mirko Zorz Sniffnet is a free, open-source network monitoring tool to help you easily track your Internet traffic. What sets it apart is its strong focus on user experience. Unlike most network analyzers, Sniffnet is built to be easily usable by everyone, regardless of technical expertise.

React to this headline:

Sniffnet: Free, open-source network monitoring Read More »

90% of threats are social engineering

APT, Avast, cybersecurity, Don't miss, Gen, Hot stuff, Malware, phishing, Ransomware, scams, social engineering, threats, Video / SecurityTicks

90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked

React to this headline:

90% of threats are social engineering Read More »

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

Cisco, cloud security, Don't miss, enterprise, Europe, Germany, Government, Hot stuff, News, research, video conferencing, vulnerability, Webex / SecurityTicks

Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex

React to this headline:

Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »

Kali Linux 2024.2 released: 18 new tools, countless updates

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing, software / SecurityTicks

Kali Linux 2024.2 released: 18 new tools, countless updates 2024-06-05 at 21:31 By Help Net Security Kali Linux 2024.2 is now available. It includes future package compatibility for 32-bit platforms, improvements to GNOME 46 and Xfce, and 18 new tools. Desktop changes Kali 2024.2 introduces GNOME 46, offering a refined experience that builds on the

React to this headline:

Kali Linux 2024.2 released: 18 new tools, countless updates Read More »

TotalRecall shows how easily data collected by Windows Recall can be stolen

Artificial Intelligence, data security, data theft, Don't miss, GitHub, Hot stuff, Microsoft, News, PoC, Privacy, software, Windows / SecurityTicks

TotalRecall shows how easily data collected by Windows Recall can be stolen 2024-06-05 at 13:16 By Zeljka Zorz Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal sensitive information. TotalRecall results (Source: Alexander Hagenah) Copilot+ Recall and its security pitfalls On

React to this headline:

TotalRecall shows how easily data collected by Windows Recall can be stolen Read More »

No summer break for cybercrime: Why educational institutions need better cyber resilience

cyber resilience, cybercrime, cybersecurity, Don't miss, education, Endpoint Security, Expert analysis, Expert corner, Hot stuff, News, opinion, Tanium / SecurityTicks

No summer break for cybercrime: Why educational institutions need better cyber resilience 2024-06-05 at 07:31 By Help Net Security The education system isn’t equipped to handle today’s cyberthreats. I’m not just talking about cybersecurity education in schools shaping the technical workforce of the future – America’s schools themselves are prime targets for cybercrime today. In

React to this headline:

No summer break for cybercrime: Why educational institutions need better cyber resilience Read More »

How AI-powered attacks are accelerating the shift to zero trust strategies

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, Entrust, Features, generative AI, Hot stuff, identity, News, opinion, strategy, zero trust / SecurityTicks

How AI-powered attacks are accelerating the shift to zero trust strategies 2024-06-05 at 07:01 By Mirko Zorz In this Help Net Security interview, Jenn Markey, Advisor to The Entrust Cybersecurity Institute, discusses the increasing adoption of enterprise-wide zero trust strategies in response to evolving cyber threats. Markey discusses the impact of emerging threats like AI-generated

React to this headline:

How AI-powered attacks are accelerating the shift to zero trust strategies Read More »

Find out which cyber threats you should be concerned about

Abnormal Security, Arctic Wolf Networks, At-Bay, BitSight, Cato Networks, Check Point, Cisco, Claroty, Corvus Insurance, cybercrime, cybersecurity, Delinea, Don't miss, Egress, GitGuardian, Hot stuff, Imperva, Mimecast, News, NTT Security, Proofpoint, ReliaQuest, report, SecurityScorecard, Socure, Sophos, SpyCloud, survey, Thales, threat, Trustpair, Verizon, VikingCloud, VIPRE Security, Zscaler / SecurityTicks

Find out which cyber threats you should be concerned about 2024-06-05 at 06:01 By Help Net Security This article includes excerpts from various reports that offer statistics and insights into the current cyber threat landscape. Human error still perceived as the Achilles’ heel of cybersecurity Proofpoint | 2024 Voice of the CISO | May 2024

React to this headline:

Find out which cyber threats you should be concerned about Read More »

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Censys, CVE, Don't miss, enterprise, Hot stuff, News, PoC, Progress, vulnerability / SecurityTicks

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and

React to this headline:

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »

361 million account credentials leaked on Telegram: Are yours among them?

account hijacking, consumer, credentials, Data leak, data theft, Don't miss, enterprise, HIBP, Hot stuff, Malware, News, passwords, Telegram, tips / SecurityTicks

361 million account credentials leaked on Telegram: Are yours among them? 2024-06-04 at 15:03 By Zeljka Zorz A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one

React to this headline:

361 million account credentials leaked on Telegram: Are yours among them? Read More »

20 free cybersecurity tools you might have missed

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

20 free cybersecurity tools you might have missed 2024-06-04 at 07:31 By Help Net Security Free, open-source cybersecurity tools have become indispensable to protecting individuals, organizations, and critical infrastructure from cyber threats. These tools are created through collaborative and transparent efforts, making them affordable and accessible alternatives to proprietary software. Here, you will find a

React to this headline:

20 free cybersecurity tools you might have missed Read More »

Third-party vendors pose serious cybersecurity threat to national security

cyber risk, cybersecurity, Don't miss, Hot stuff, Ransomware, SecurityScorecard, third party compromise, threat, Video / SecurityTicks

Third-party vendors pose serious cybersecurity threat to national security 2024-06-04 at 07:01 By Help Net Security In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report. This research details a surge in adversaries exploiting third-party

React to this headline:

Third-party vendors pose serious cybersecurity threat to national security Read More »

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

Atlassian Confluence, CVE, Don't miss, Hot stuff, News, PoC, SonicWall, vulnerability / SecurityTicks

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) 2024-06-03 at 12:16 By Zeljka Zorz If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About CVE-2024-21683 Confluence Server and

React to this headline:

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) Read More »

NethSecurity: Open-source Linux firewall

Don't miss, firewall, Hot stuff, Linux, News, open source, software / SecurityTicks

NethSecurity: Open-source Linux firewall 2024-06-03 at 07:31 By Mirko Zorz NethSecurity is a free, open-source Linux firewall that simplifies network security deployment. It integrates various security features into one platform, including firewalling, intrusion detection and prevention, antivirus, multi-WAN, DNS, and content filtering. NethSecurity has an intuitive interface that delivers real-time insights and control over network

React to this headline:

NethSecurity: Open-source Linux firewall Read More »