Hot stuff

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)

0-day, apple, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News /

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) 2024-11-20 at 12:50 By Zeljka Zorz Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in […]

React to this headline:

Loading spinner

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) Read More »

Five backup lessons learned from the UnitedHealth ransomware attack

backup, Continuity, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, strategy, tips /

Five backup lessons learned from the UnitedHealth ransomware attack 2024-11-20 at 08:19 By Help Net Security The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation.  Over the past few months, there have been two congressional hearings on the attack

React to this headline:

Loading spinner

Five backup lessons learned from the UnitedHealth ransomware attack Read More »

Debunking myths about open-source security

Artificial Intelligence, Canonical, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, open source, opinion /

Debunking myths about open-source security 2024-11-20 at 07:31 By Mirko Zorz In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterprise-grade maturity, reliability, and transparency. Domas also shares key

React to this headline:

Loading spinner

Debunking myths about open-source security Read More »

Safeguarding the DNS through registries

cybersecurity, DNS, Don't miss, Hot stuff, Identity Digital, Video /

Safeguarding the DNS through registries 2024-11-20 at 07:16 By Help Net Security The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like Domain Name System (DNS) abuse– manifesting as phishing, malware, and botnets – jeopardize this security. Such abuses harm

React to this headline:

Loading spinner

Safeguarding the DNS through registries Read More »

Microsoft announces new and improved Windows 11 security features

Application Security, Data Protection, Don't miss, Hot stuff, Microsoft, News, privileged accounts, Windows /

Microsoft announces new and improved Windows 11 security features 2024-11-19 at 21:04 By Zeljka Zorz Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that can be abused by attackers

React to this headline:

Loading spinner

Microsoft announces new and improved Windows 11 security features Read More »

Microsoft plans to boot security vendors out of the Windows kernel

antivirus, cyber resilience, Don't miss, Hot stuff, News, security testing, Windows /

Microsoft plans to boot security vendors out of the Windows kernel 2024-11-19 at 20:48 By Zeljka Zorz Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable. As part

React to this headline:

Loading spinner

Microsoft plans to boot security vendors out of the Windows kernel Read More »

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)

CrowdStrike, Don't miss, enterprise, Hot stuff, News, Oracle, product development, Tenable /

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) 2024-11-19 at 12:48 By Zeljka Zorz Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, being actively exploited by attackers. About CVE-2024-21287 Oracle Agile PLM Framework is an enterprise product lifecycle management solution

React to this headline:

Loading spinner

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) Read More »

Dev + Sec: A collaborative approach to cybersecurity

collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, YL Ventures /

Dev + Sec: A collaborative approach to cybersecurity 2024-11-19 at 07:31 By Help Net Security The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver features and products quickly with a fast-paced, iterative development cycle and move on efficiently. On

React to this headline:

Loading spinner

Dev + Sec: A collaborative approach to cybersecurity Read More »

Why AI alone can’t protect you from sophisticated email threats

Artificial Intelligence, Barracuda Networks, CISO, cybersecurity, Don't miss, email security, Features, Hot stuff, News, opinion, social engineering /

Why AI alone can’t protect you from sophisticated email threats 2024-11-19 at 07:03 By Mirko Zorz In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC. Lakhani also explains how AI tools help detect malicious email activity

React to this headline:

Loading spinner

Why AI alone can’t protect you from sophisticated email threats Read More »

Google report shows CISOs must embrace change to stay secure

CISO, cybersecurity, Don't miss, Google, Hot stuff, News, report, survey, tips /

Google report shows CISOs must embrace change to stay secure 2024-11-19 at 06:03 By Mirko Zorz Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of

React to this headline:

Loading spinner

Google report shows CISOs must embrace change to stay secure Read More »

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

0-day, CVE, Don't miss, enterprise, firewall, Hot stuff, News, Palo Alto Networks /

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) 2024-11-18 at 17:33 By Zeljka Zorz Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days. About the vulnerabilities (CVE-2024-0012, CVE-2024-9474) CVE-2024-0012 stems from missing authentication for a critical

React to this headline:

Loading spinner

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) Read More »

Navigating the compliance labyrinth: A CSO’s guide to scaling security

automation, Compliance, CSO, cybersecurity, Descope, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion /

Navigating the compliance labyrinth: A CSO’s guide to scaling security 2024-11-18 at 07:48 By Help Net Security Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve either seen David Bowie’s iconic film or are very familiar with the real-world

React to this headline:

Loading spinner

Navigating the compliance labyrinth: A CSO’s guide to scaling security Read More »

Transforming code scanning and threat detection with GenAI

Application Security, Artificial Intelligence, code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Qwiet AI, scanning /

Transforming code scanning and threat detection with GenAI 2024-11-18 at 07:33 By Mirko Zorz In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management. McClure also shares his perspective on the future of AI-driven code scanning,

React to this headline:

Loading spinner

Transforming code scanning and threat detection with GenAI Read More »

Evaluating GRC tools

cybersecurity, Don't miss, Gartner, GRC, Hot stuff, strategy, Video /

Evaluating GRC tools 2024-11-18 at 07:05 By Help Net Security According to Gartner, the broad range of pricing for government, risk, and compliance (GRC) tools requires enterprise risk management (ERM) leaders to be well-versed in distinct pricing tiers of GRC solutions. In this Help Net Security video, Joel Backaler, Director/Analyst, Risk Technology & Analytics at

React to this headline:

Loading spinner

Evaluating GRC tools Read More »

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

CISA, Don't miss, GitHub, Hot stuff, News, open source /

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help

React to this headline:

Loading spinner

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »

Cyber crooks push Android malware via letter

Android, Don't miss, Europe, Hot stuff, Malware, mobile security, News, QR codes, Switzerland /

Cyber crooks push Android malware via letter 2024-11-15 at 15:33 By Zeljka Zorz Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating MeteoSwiss (i.e., Switzerland’s Federal Office of Meteorology and Climatology). “The letter asks the recipients to install a new severe weather

React to this headline:

Loading spinner

Cyber crooks push Android malware via letter Read More »

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)

Censys, CISA, configuration management, Don't miss, enterprise, firewall, Horizon3.ai, Hot stuff, News, Palo Alto Networks /

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) 2024-11-15 at 13:16 By Zeljka Zorz Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root

React to this headline:

Loading spinner

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) Read More »

AI’s impact on the future of web application security

API security, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, monitoring, News, opinion, web application security /

AI’s impact on the future of web application security 2024-11-15 at 07:33 By Mirko Zorz In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are

React to this headline:

Loading spinner

AI’s impact on the future of web application security Read More »

Using AI to drive cybersecurity risk scoring systems

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Hot stuff, Microsoft, Risk Management, Video /

Using AI to drive cybersecurity risk scoring systems 2024-11-15 at 07:18 By Help Net Security In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity. The post Using

React to this headline:

Loading spinner

Using AI to drive cybersecurity risk scoring systems Read More »

NIST is chipping away at NVD backlog

CVE, Don't miss, Hot stuff, News, NIST, vulnerability assessment, vulnerability management /

NIST is chipping away at NVD backlog 2024-11-14 at 16:33 By Zeljka Zorz The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The

React to this headline:

Loading spinner

NIST is chipping away at NVD backlog Read More »

Scroll to Top