Hot stuff - Security Ticks

Using AI to reduce false positives in secrets scanners

API security, Artificial Intelligence, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, Hot stuff, Legit Security, News, opinion, SSH / SecurityTicks

Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any […]

React to this headline:

Using AI to reduce false positives in secrets scanners Read More »

Overcoming the pressures of cybersecurity startup leadership

CEO, cybersecurity, Don't miss, Dope Security, Features, Hot stuff, Innovation, News, opinion, security startup / SecurityTicks

Overcoming the pressures of cybersecurity startup leadership 2024-02-27 at 07:32 By Mirko Zorz In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. Dope Security was

React to this headline:

Overcoming the pressures of cybersecurity startup leadership Read More »

Does AI remediation spell the end for developers in 2024?

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, remediation, Secure Code Warrior, software development, Video / SecurityTicks

Does AI remediation spell the end for developers in 2024? 2024-02-27 at 07:03 By Help Net Security Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle (SDLC). In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how

React to this headline:

Does AI remediation spell the end for developers in 2024? Read More »

LockBit leak site is back online

Don't miss, Hot stuff, News / SecurityTicks

LockBit leak site is back online 2024-02-26 at 16:04 By Zeljka Zorz LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Law enforcement strikes LockBit RaaS gang Last

React to this headline:

LockBit leak site is back online Read More »

Pikabot returns with new tricks up its sleeve

Don't miss, Elastic, Hot stuff, Malware, News, phishing, Zscaler / SecurityTicks

Pikabot returns with new tricks up its sleeve 2024-02-26 at 15:32 By Helga Labus After a short hiatus, Pikabot is back, with significant updates to its capabilities and components and a new delivery campaign. About the Pikabot loader Pikabot is a loader – a type of malware whose primary function is to serve as a

React to this headline:

Pikabot returns with new tricks up its sleeve Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability / SecurityTicks

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

Web Check: Open-source intelligence for any website

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OSINT, penetration testing, web analytics, web technologies / SecurityTicks

Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,

React to this headline:

Web Check: Open-source intelligence for any website Read More »

It’s time for security operations to ditch Excel

automation, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Opus Security, security operations, threats / SecurityTicks

It’s time for security operations to ditch Excel 2024-02-26 at 07:33 By Help Net Security Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. This is a far cry from the dark rooms,

React to this headline:

It’s time for security operations to ditch Excel Read More »

Microsoft begins broadening free cloud logging capabilities

CISA, cloud security, Don't miss, Government, Hot stuff, logging, Microsoft, News, USA / SecurityTicks

Microsoft begins broadening free cloud logging capabilities 2024-02-22 at 14:47 By Helga Labus After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies who do

React to this headline:

Microsoft begins broadening free cloud logging capabilities Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr / SecurityTicks

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

React to this headline:

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

A step-by-step plan for safe use of GenAI models for software development

Artificial Intelligence, ChatGPT, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, risk, software development, Solvd / SecurityTicks

A step-by-step plan for safe use of GenAI models for software development 2024-02-22 at 08:01 By Help Net Security If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development

React to this headline:

A step-by-step plan for safe use of GenAI models for software development Read More »

Wire fraud scams escalate in real estate deals

CertifID, communication, cybersecurity, Don't miss, fraud, Hot stuff, identity verification, Insurance, real estate sector, Video / SecurityTicks

Wire fraud scams escalate in real estate deals 2024-02-22 at 07:01 By Help Net Security In this Help Net Security video, Tyler Adams, CEO at CertifID, illustrates how the real estate sector needs to invest significant effort in educating consumers and implementing protective measures to safeguard real estate transactions. Recent CertifID research found that median

React to this headline:

Wire fraud scams escalate in real estate deals Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability / SecurityTicks

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

10 cybersecurity startups to watch in 2024

Binarly, cybersecurity, Datadog, Dataiku, Don't miss, Dope Security, Filigran, Gomboc, Google, Hot stuff, KTrust, Lakera, Mitigant, News, Palo Alto Networks, Qevlar AI, Radiant Security, Risk Ledger, Snyk / SecurityTicks

10 cybersecurity startups to watch in 2024 2024-02-21 at 08:01 By Mirko Zorz At Help Net Security, we’ve been following the cybersecurity business landscape closely for the past 25 years. Through our Industry News section, we’ve been tracking the pulse of the cybersecurity world, bringing you product news from companies worldwide. Certain vendors have consistently

React to this headline:

10 cybersecurity startups to watch in 2024 Read More »

TruffleHog: Open-source solution for scanning secrets

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, scanning, software / SecurityTicks

TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was

React to this headline:

TruffleHog: Open-source solution for scanning secrets Read More »

A closer look at Israeli cybersecurity funding and M&A activity in 2023

cybersecurity, Don't miss, generative AI, Hot stuff, identity, risk assessment, security startup, Video, YL Ventures / SecurityTicks

A closer look at Israeli cybersecurity funding and M&A activity in 2023 2024-02-21 at 07:01 By Help Net Security Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about

React to this headline:

A closer look at Israeli cybersecurity funding and M&A activity in 2023 Read More »

The importance of a good API security strategy

API security, cyber risk, Don't miss, Hot stuff, News, software development, strategy, threats / SecurityTicks

The importance of a good API security strategy 2024-02-21 at 06:32 By Helga Labus In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption over

React to this headline:

The importance of a good API security strategy Read More »

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered

Don't miss, Europe, Europol, extortion, FBI, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, UK, USA / SecurityTicks

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered 2024-02-20 at 14:32 By Zeljka Zorz In the wake of yesterday’s surprise law enforcement takeover of LockBit’s leak site, the UK National Crime Agency (NCA) and Europol have shared more information about the extent of the takedown. “Today, after infiltrating the group’s network, the NCA has

React to this headline:

LockBit takedown: Infrastructure disrupted, criminals arrested, decryption keys recovered Read More »

LockBit disrupted by international law enforcement task force

Don't miss, Hot stuff, law enforcement, News, Ransomware / SecurityTicks

LockBit disrupted by international law enforcement task force 2024-02-20 at 13:01 By Zeljka Zorz On Monday afternoon, LockBit’s leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. “This site is now under the control of The National

React to this headline:

LockBit disrupted by international law enforcement task force Read More »

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

ConnectWise, Don't miss, Hot stuff, MSP, News, remote access, remote management, security update, SMBs, vulnerability / SecurityTicks

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! 2024-02-20 at 12:16 By Zeljka Zorz ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken

React to this headline:

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! Read More »