Hot stuff - Security Ticks

Managing cyberattack fallout: Financial and operational damage

access management, Aspida, cyberattacks, cybersecurity, Data Protection, digital transformation, disaster recovery, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Risk Management, strategy / SecurityTicks

Managing cyberattack fallout: Financial and operational damage 2024-07-12 at 07:01 By Mirko Zorz In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and partners. Can […]

React to this headline:

Managing cyberattack fallout: Financial and operational damage Read More »

Using Authy? Beware of impending phishing attempts

2FA, API security, authentication, CCC, cloud security, Data leak, Don't miss, Hot stuff, MFA, News, phishing, Twilio / SecurityTicks

Using Authy? Beware of impending phishing attempts 2024-07-11 at 15:46 By Zeljka Zorz Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops the

React to this headline:

Using Authy? Beware of impending phishing attempts Read More »

How AI helps decode cybercriminal strategies

Artificial Intelligence, cybercriminals, cybersecurity, dark web, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Searchlight Cyber, threat, Threat Intelligence / SecurityTicks

How AI helps decode cybercriminal strategies 2024-07-11 at 07:32 By Help Net Security With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benefits is in full swing,

React to this headline:

How AI helps decode cybercriminal strategies Read More »

Strengthening cybersecurity preparedness with defense in depth

Compliance, cybersecurity, Don't miss, Features, framework, Gigamon, Hot stuff, News, opinion, security controls, zero trust / SecurityTicks

Strengthening cybersecurity preparedness with defense in depth 2024-07-11 at 07:01 By Mirko Zorz In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures that businesses

React to this headline:

Strengthening cybersecurity preparedness with defense in depth Read More »

Travel scams exposed: How to recognize and avoid them

cybersecurity, Don't miss, Expel, Hot stuff, how-to, News, scams, tips, travel industry, Video / SecurityTicks

Travel scams exposed: How to recognize and avoid them 2024-07-11 at 06:31 By Help Net Security In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails

React to this headline:

Travel scams exposed: How to recognize and avoid them Read More »

Valuable insights for making the right cybersecurity decisions

CISO, cybersecurity, Don't miss, Fortinet, Hack The Box, Hot stuff, Netskope, News, Proofpoint, report, survey, Trellix / SecurityTicks

Valuable insights for making the right cybersecurity decisions 2024-07-11 at 06:01 By Help Net Security This article compiles excerpts from various reports, presenting statistics and insights that could be helpful for CISOs. CISOs becoming more comfortable with risk levels Netskope | The Modern CISO: Bringing Balance | June 2024 Contradicting legacy stereotypes of the CISO

React to this headline:

Valuable insights for making the right cybersecurity decisions Read More »

How AI-powered software spreads Russian disinformation on X

Artificial Intelligence, bot, disinformation, DOJ, Don't miss, Hot stuff, News, Russian Federation, software, Twitter / SecurityTicks

How AI-powered software spreads Russian disinformation on X 2024-07-10 at 18:16 By Zeljka Zorz The US Justice Department (DoJ) has seized two US-based domains used by Russian threat actors to create fake profiles on X (formerly Twitter) that would spread disinformation in the United States and abroad. This bot farm was created and operated via

React to this headline:

How AI-powered software spreads Russian disinformation on X Read More »

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

0-day, Check Point, CVE, Don't miss, Hot stuff, Internet Explorer, Morphisec, MS Office, News, vulnerability / SecurityTicks

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) 2024-07-10 at 15:46 By Zeljka Zorz CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li

React to this headline:

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) Read More »

Google removes enrollment barrier for prospective Advanced Protection Program users

account protection, authentication, Don't miss, Google, Hot stuff, News, passwordless / SecurityTicks

Google removes enrollment barrier for prospective Advanced Protection Program users 2024-07-10 at 14:01 By Zeljka Zorz Google has removed a potential obstacle for high-risk users who want to enroll in the company’s Advanced Protection Program (APP): they can now do it just by setting a passkey. Users already enrolled in APP have been provided the

React to this headline:

Google removes enrollment barrier for prospective Advanced Protection Program users Read More »

Diversifying cyber teams to tackle complex threats

CAPSLOCK, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, skill development / SecurityTicks

Diversifying cyber teams to tackle complex threats 2024-07-10 at 08:01 By Help Net Security Technologies such as GenAI, ML and IoT are giving threat actors new tools that make it easier to target consumers and organizations. From Savvy Seahorse which lures victims into investment scams, to a self-replicating AI worm that uses the likes of

React to this headline:

Diversifying cyber teams to tackle complex threats Read More »

How companies increase risk exposure with rushed LLM deployments

cybersecurity, data, Don't miss, Elastic, Features, generative AI, Hot stuff, LLMs, News, opinion, Privacy, security testing / SecurityTicks

How companies increase risk exposure with rushed LLM deployments 2024-07-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Jake King, Head of Threat & Security Intelligence at Elastic, discusses companies’ exposure to new security risks and vulnerabilities as they rush to deploy LLMs. King explains how LLMs pose significant risks to data

React to this headline:

How companies increase risk exposure with rushed LLM deployments Read More »

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

0-day, Action1, Automox, CVE, Don't miss, Hot stuff, Microsoft, MS SQL Server, News, Patch Tuesday, security update, Trend Micro, virtualization, vulnerability, Windows / SecurityTicks

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a

React to this headline:

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

Don't miss, FreeRADIUS, Hot stuff, InkBridge Networks, networking, News, vulnerability / SecurityTicks

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack 2024-07-09 at 15:01 By Help Net Security A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.

React to this headline:

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack Read More »

Chinese APT40 group swifly leverages public PoC exploits

APT, Australia, China, CISA, Don't miss, Hot stuff, News, PoC, web application, web shell / SecurityTicks

Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

React to this headline:

Chinese APT40 group swifly leverages public PoC exploits Read More »

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella

attacks, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Mercury Risk And Compliance, News, opinion, regulation, risk, strategy / SecurityTicks

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella 2024-07-09 at 07:31 By Help Net Security Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with

React to this headline:

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella Read More »

Exploring the root causes of the cybersecurity skills gap

Artificial Intelligence, automation, certificates, cybersecurity, Don't miss, education, Features, Hot stuff, News, opinion, skill development, Skillsoft, training / SecurityTicks

Exploring the root causes of the cybersecurity skills gap 2024-07-09 at 07:01 By Mirko Zorz In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy

React to this headline:

Exploring the root causes of the cybersecurity skills gap Read More »

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices

Compliance, cyber risk, cybersecurity, Don't miss, Endor Labs, Hot stuff, how-to, News, strategy, tips, Video / SecurityTicks

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices 2024-07-09 at 06:31 By Help Net Security Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff Research Engineer at Endor Labs, discusses why it causes issues and how

React to this headline:

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices Read More »

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

APT, data breach, Don't miss, enterprise, Hot stuff, Microsoft, News, TeamViewer / SecurityTicks

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated

React to this headline:

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack Read More »

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released

Avast, decryptor, Don't miss, Hot stuff, News, Ransomware / SecurityTicks

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released 2024-07-08 at 13:01 By Zeljka Zorz A cryptographic weakness in the DoNex ransomware and its previous incarnations – Muse, fake LockBit 3.0, and DarkRace – has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. DoNex ransom note (Source:

React to this headline:

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released Read More »

How nation-state cyber attacks disrupt public services and undermine citizen trust

Broadcom, critical infrastructure, cyberattacks, cybersecurity, Don't miss, Features, Government, Hot stuff, News, opinion, public sector, Threat Intelligence / SecurityTicks

How nation-state cyber attacks disrupt public services and undermine citizen trust 2024-07-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for

React to this headline:

How nation-state cyber attacks disrupt public services and undermine citizen trust Read More »