Hot stuff - Security Ticks

Exploring the impact of generative AI in the 2024 presidential election

cybersecurity, Don't miss, Fortra, generative AI, Hot stuff, social engineering, social media, Video / SecurityTicks

Exploring the impact of generative AI in the 2024 presidential election 05/12/2023 at 07:32 By Help Net Security 2024 is a presidential election year in the US. 2016 and 2020 both saw impressive increases in attempts to influence voters through crafty propaganda and social media campaigns run by bots and expert social engineers, along with […]

React to this headline:

Exploring the impact of generative AI in the 2024 presidential election Read More »

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

Check Point, CISA, critical infrastructure, Don't miss, Hot stuff, Israel, NCSC, News, PLC, USA / SecurityTicks

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities 04/12/2023 at 16:48 By Helga Labus Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series

React to this headline:

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities Read More »

Booking.com customers targeted in hotel booking scam

account hijacking, Don't miss, hospitality industry, Hot stuff, Malware, News, Perception Point, scams, SecureWorks, social engineering / SecurityTicks

Booking.com customers targeted in hotel booking scam 04/12/2023 at 13:31 By Helga Labus Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to be from

React to this headline:

Booking.com customers targeted in hotel booking scam Read More »

Put guardrails around AI use to protect your org, but be open to changes

Artificial Intelligence, ChatGPT, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, NS1, opinion, regulation / SecurityTicks

Put guardrails around AI use to protect your org, but be open to changes 04/12/2023 at 08:31 By Help Net Security Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating

React to this headline:

Put guardrails around AI use to protect your org, but be open to changes Read More »

The AI readiness race and where global companies stand

Artificial Intelligence, Cisco, cybersecurity, Don't miss, Hot stuff, strategy, Video / SecurityTicks

The AI readiness race and where global companies stand 04/12/2023 at 08:01 By Help Net Security According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a

React to this headline:

The AI readiness race and where global companies stand Read More »

Qlik Sense flaws exploited in Cactus ransomware campaign

Arctic Wolf Networks, data analytics, Don't miss, exploit, Hot stuff, News, Ransomware, security update, vulnerability / SecurityTicks

Qlik Sense flaws exploited in Cactus ransomware campaign 01/12/2023 at 15:18 By Helga Labus Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and

React to this headline:

Qlik Sense flaws exploited in Cactus ransomware campaign Read More »

Critical Zyxel NAS vulnerabilities patched, update quickly!

Don't miss, Hot stuff, IBM X-Force, NAS, News, security update, vulnerability, Zyxel / SecurityTicks

Critical Zyxel NAS vulnerabilities patched, update quickly! 01/12/2023 at 14:33 By Zeljka Zorz Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper

React to this headline:

Critical Zyxel NAS vulnerabilities patched, update quickly! Read More »

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update / SecurityTicks

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read

React to this headline:

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »

Bridging the gap between cloud vs on-premise security

Cato Networks, Cloud, cloud security, cybersecurity, Don't miss, Expert analysis, Expert corner, firewall, Hot stuff, News, opinion, policy / SecurityTicks

Bridging the gap between cloud vs on-premise security 01/12/2023 at 08:03 By Help Net Security With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises. Cloud-based security initiatives, such

React to this headline:

Bridging the gap between cloud vs on-premise security Read More »

Key drivers of software security for financial services

API security, automation, code, cybersecurity, Don't miss, Hot stuff, software, Veracode, Video / SecurityTicks

Key drivers of software security for financial services 01/12/2023 at 07:32 By Help Net Security Nearly 72% of applications in the financial services sector contain security flaws, according to Veracode. Despite the alarming figure, this rate of software vulnerability was the lowest of all industries analyzed and has improved since last year. The research also

React to this headline:

Key drivers of software security for financial services Read More »

CISA urges water facilities to secure their Unitronics PLCs

critical infrastructure, Don't miss, Hot stuff, News, PLC, Ransomware, tips, USA / SecurityTicks

CISA urges water facilities to secure their Unitronics PLCs 30/11/2023 at 18:02 By Zeljka Zorz News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. “The cyber threat actors

React to this headline:

CISA urges water facilities to secure their Unitronics PLCs Read More »

Mosint: Open-source automated email OSINT tool

Don't miss, Email, GitHub, Hot stuff, News, open source, OSINT / SecurityTicks

Mosint: Open-source automated email OSINT tool 30/11/2023 at 08:31 By Mirko Zorz Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information. “In my previous job, I actively worked

React to this headline:

Mosint: Open-source automated email OSINT tool Read More »

What custom GPTs mean for the future of phishing

Artificial Intelligence, ChatGPT, code, cybersecurity, Don't miss, exploit, generative AI, hacker, Hot stuff, OpenAI, Perception Point, phishing, Video / SecurityTicks

What custom GPTs mean for the future of phishing 30/11/2023 at 08:03 By Help Net Security OpenAI is putting more power into the hands of users of GenAI, allowing them to create their custom AI agents without writing code. These custom GPTs are the latest leap forward in the rapidly evolving AI landscape, but this

React to this headline:

What custom GPTs mean for the future of phishing Read More »

Bridging the risk exposure gap with strategies for internal auditors

AuditBoard, auditing, Compliance, cybersecurity, data security, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, tips / SecurityTicks

Bridging the risk exposure gap with strategies for internal auditors 30/11/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk management in helping organizations bridge the gap in risk exposure. He talks about how

React to this headline:

Bridging the risk exposure gap with strategies for internal auditors Read More »

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)

Chrome, Don't miss, exploit, Google, Hot stuff, News, security update, vulnerability / SecurityTicks

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) 29/11/2023 at 14:46 By Helga Labus Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne

React to this headline:

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) Read More »

Okta breach: Hackers stole info on ALL customer support users

authentication, data breach, Don't miss, Hot stuff, News, Okta, phishing, privileged identity, social engineering / SecurityTicks

Okta breach: Hackers stole info on ALL customer support users 29/11/2023 at 14:16 By Zeljka Zorz The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta

React to this headline:

Okta breach: Hackers stole info on ALL customer support users Read More »

5 resolutions to prepare for SEC’s new cyber disclosure rules

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, Radware, Risk Management, threat / SecurityTicks

5 resolutions to prepare for SEC’s new cyber disclosure rules 29/11/2023 at 08:32 By Help Net Security 2023 has been marked as a year of global conflict and unrest, all of which will impact the cyber threat landscape for years to come. However, one of the most significant cyber security developments for 2024 isn’t driven

React to this headline:

5 resolutions to prepare for SEC’s new cyber disclosure rules Read More »

Strategies for cultivating a supportive culture in zero-trust adoption

authentication, automation, CIO, CISA, Cisco, CISO, cybersecurity, Don't miss, Features, Hot stuff, identity, News, NIST, opinion, SOAR, strategy, zero trust / SecurityTicks

Strategies for cultivating a supportive culture in zero-trust adoption 29/11/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Goerlich emphasizes the

React to this headline:

Strategies for cultivating a supportive culture in zero-trust adoption Read More »

Enterprises prepare for the inevitable cyber attack

Commvault, cyber resilience, cybersecurity, Don't miss, Hot stuff, Risk Management, Threat Intelligence, Video / SecurityTicks

Enterprises prepare for the inevitable cyber attack 29/11/2023 at 07:31 By Help Net Security Recent IDC research shows that in many cases, senior executives/line-of-business leaders are minimally engaged in their company’s cyber preparedness initiatives. In fact, 52% of senior leaders have no involvement in their company’s cyber cases. In this Help Net Security video, Rahul

React to this headline:

Enterprises prepare for the inevitable cyber attack Read More »

Vigil: Open-source LLM security scanner

Artificial Intelligence, Don't miss, GitHub, Hot stuff, News, Python, scanning / SecurityTicks

Vigil: Open-source LLM security scanner 29/11/2023 at 07:01 By Mirko Zorz Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when an attacker successfully influences an LLM using specially designed inputs. This leads to the LLM unintentionally carrying out the objectives

React to this headline:

Vigil: Open-source LLM security scanner Read More »