Hot stuff

What is cybersecurity mesh architecture (CSMA)?

2024-05-03 at 07:01 By Help Net Security

Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means designing a security architecture that is composable and scalable with easily extensible interfaces, a common data schema and well-defined interfaces […]

New SOHO router malware aims for cloud accounts, internal company resources

2024-05-02 at 14:46 By Zeljka Zorz

Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket and other cloud-based services. “With the stolen key material, the

Dropbox says attackers accessed customer and MFA info, API keys

2024-05-02 at 12:01 By Zeljka Zorz

File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we

2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element

2024-05-02 at 08:31 By Help Net Security

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon’s 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security

Securing your organization’s supply chain: Reducing the risks of third parties

2024-05-02 at 08:16 By Help Net Security

When Stephen Hawking said that “we are all now connected by the internet, like neurons in a giant brain”, very few people understood the gravity of his statement. But ten years on from his famous interview with

Understanding emerging AI and data privacy regulations

2024-05-02 at 08:01 By Mirko Zorz

In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data Act, and the Health Data Space Regulation. Learn how these regulations interact, their implications for both public and private sectors,

reNgine: Open-source automated reconnaissance framework for web applications

2024-05-02 at 07:31 By Mirko Zorz

reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process.

Developing reNgine

reNgine was developed to overcome the constraints of conventional reconnaissance tools. It is a good choice for bug bounty

A closer look at Apiiro’s SHINE partner program

2024-05-01 at 16:46 By Help Net Security

In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, to discuss the company’s new technology partner program SHINE. The name stands for the program’s guiding principles – Seamless, Holistic,

Why cloud vulnerabilities need CVEs

2024-05-01 at 08:01 By Help Net Security

When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk within these different paradigms and environments (e.g., the cloud). Patch network security isn’t applicable in the same way for

Making cybersecurity more appealing to women, closing the skills gap

2024-05-01 at 07:31 By Mirko Zorz

In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cybersecurity industry. Davis emphasizes the need for proactive strategies to attract diverse talent, improve mentorship opportunities,

Building a strong cloud security posture

2024-05-01 at 06:31 By Help Net Security

In this Help Net Security video, David Kellerman, Field CTO at Cymulate, discusses how cloud security still seems to lag even as the cloud grows in popularity and usage. Many leaders are unaware that they need to secure the cloud the same

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

2024-04-30 at 15:47 By Zeljka Zorz

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company confirmed on Monday, but they are “not aware at this time of any malicious attempts to

Triangulation fraud: The costly scam hitting online retailers

2024-04-30 at 08:01 By Mirko Zorz

In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants. He also highlights the

Tracecat: Open-source SOAR

2024-04-30 at 07:31 By Mirko Zorz

Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams. Use specialized AI models

Why the automotive sector is a target for email-based cyber attacks

2024-04-30 at 07:01 By Help Net Security

While every organization across every vertical is at risk of advanced email attacks, certain industries periodically become the go-to target for threat actors. In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses

eBook: Do you have what it takes to lead in cybersecurity?

2024-04-30 at 05:31 By Help Net Security

Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies. Aspiring leaders in the cybersecurity field need more than just job experience. They need a diverse and robust set

UK enacts IoT cybersecurity law

2024-04-29 at 17:01 By Zeljka Zorz

The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. “Most smart devices are manufactured outside the UK, but

Prompt Fuzzer: Open-source tool for strengthening GenAI apps

2024-04-29 at 08:01 By Mirko Zorz

Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats.

Prompt Fuzzer features

Simulation of over a dozen types of GenAI attacks

The tool contextualizes itself automatically based on the system

How insider threats can cause serious security breaches

2024-04-29 at 07:34 By Help Net Security

Insider threats are a prominent issue and can lead to serious security breaches. Just because someone is a colleague or employee does not grant inherent trust. In this Help Net Security video, Tara Lemieux, CMMC Consultant for Redspin, discusses insider
