Hot stuff - Security Ticks

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676)

Akamai, Don't miss, Hot stuff, Kubernetes, News, security update, vulnerability, Windows / SecurityTicks

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) 18/09/2023 at 14:32 By Helga Labus Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that […]

React to this headline:

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) Read More »

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion

cybersecurity, Don't miss, Dragos, Features, Government, Hot stuff, investment, Malware, News, opinion, Threat Intelligence, threats / SecurityTicks

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion 18/09/2023 at 12:32 By Mirko Zorz Today, Dragos revealed that it has secured a $74 million Series D extension funding round, spearheaded by the strategic operating and investment firm WestCap. The funding extension comes when global governments and infrastructure providers increasingly acknowledge

React to this headline:

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion Read More »

The hidden dangers of low-value data

CISO, Compliance, data, data security, Don't miss, Hot stuff, Imperva, strategy, tips, Video / SecurityTicks

The hidden dangers of low-value data 18/09/2023 at 08:05 By Help Net Security In this Help Net Security video, Terry Ray, SVP Data Security and Field CTO at Imperva, warns organizations to stop ignoring low-value data – as criminals use it as a place to live, watch, and wait for the perfect moment to steal

React to this headline:

The hidden dangers of low-value data Read More »

Modernizing fraud prevention with machine learning

authentication, biometrics, cybersecurity, Don't miss, Experian, Expert analysis, Expert corner, fraud, Hot stuff, identity, identity theft, machine learning, News, opinion, Privacy / SecurityTicks

Modernizing fraud prevention with machine learning 15/09/2023 at 08:33 By Help Net Security The number of digital transactions has skyrocketed. As consumers continue to spend and interact online, they have growing expectations for security and identity verification. As fraudsters become savvier and more opportunistic, there’s an increased need for businesses to protect customers from fraud

React to this headline:

Modernizing fraud prevention with machine learning Read More »

Attackers hit software firm Retool to get to crypto companies and assets

Cryptocurrency, cybercrime, Don't miss, Hot stuff, MFA, News, Okta, Retool, social engineering, spear-phishing, supply chain compromise / SecurityTicks

Attackers hit software firm Retool to get to crypto companies and assets 14/09/2023 at 18:17 By Zeljka Zorz Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to

React to this headline:

Attackers hit software firm Retool to get to crypto companies and assets Read More »

Attackers use fallback ransomware if LockBit gets blocked

Don't miss, enterprise, Hot stuff, News, Ransomware, Symantec / SecurityTicks

Attackers use fallback ransomware if LockBit gets blocked 14/09/2023 at 13:15 By Zeljka Zorz Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec’s threat researchers, some affiliates are using the 3AM ransomware as a fallback option in case LockBit gets flagged and blocked.

React to this headline:

Attackers use fallback ransomware if LockBit gets blocked Read More »

Great security training is a real challenge

CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, PagerDuty, passwords, physical security, security awareness, social engineering, training / SecurityTicks

Great security training is a real challenge 14/09/2023 at 07:31 By Help Net Security All employees need security training, yet it’s generally a resented afterthought. A variety of studies over years show that human error is generally felt to be the largest vulnerability in organizations. For technology companies like SaaS providers, who also need to

React to this headline:

Great security training is a real challenge Read More »

The critical role of authorization in safeguarding financial institutions

access control, Axiomatics, CISO, Compliance, data breach, Don't miss, Hot stuff, Privacy, regulation, strategy, tips, Video / SecurityTicks

The critical role of authorization in safeguarding financial institutions 14/09/2023 at 07:01 By Help Net Security According to a recent Cost of Data Breach report, the financial industry has the second highest average cost for a data breach, making the value well worth financial institutions investing more into authorization. In this Help Net Security video,

React to this headline:

The critical role of authorization in safeguarding financial institutions Read More »

MetaStealer malware is targeting enterprise macOS users

apple, Don't miss, enterprise, Hot stuff, macOS, Malware, News / SecurityTicks

MetaStealer malware is targeting enterprise macOS users 13/09/2023 at 14:32 By Helga Labus Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS presentation).dmg and

React to this headline:

MetaStealer malware is targeting enterprise macOS users Read More »

Microsoft Teams phishing: Enterprises targeted by ransomware access broker

Don't miss, Hot stuff, initial access broker, Microsoft, Microsoft Teams, News, phishing, Ransomware / SecurityTicks

Microsoft Teams phishing: Enterprises targeted by ransomware access broker 13/09/2023 at 12:16 By Zeljka Zorz A threat actor known for providing ransomware gangs with initial access to enterprise systems has began phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” Microsoft threat researchers noted. About

React to this headline:

Microsoft Teams phishing: Enterprises targeted by ransomware access broker Read More »

Serial cybersecurity founders get back in the game

CEO, cybersecurity, Don't miss, Expert analysis, Expert corner, Honeywell, Hot stuff, Microsoft, News, opinion, Palo Alto Networks, Valence Security, YL Ventures / SecurityTicks

Serial cybersecurity founders get back in the game 13/09/2023 at 07:32 By Help Net Security “I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a

React to this headline:

Serial cybersecurity founders get back in the game Read More »

The rise and evolution of supply chain attacks

backdoor, Broadcom, cybersecurity, Don't miss, Hot stuff, Malware, software, supply chain attacks, Symantec, trojan, Video / SecurityTicks

The rise and evolution of supply chain attacks 13/09/2023 at 07:03 By Help Net Security A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses

React to this headline:

The rise and evolution of supply chain attacks Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro / SecurityTicks

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

React to this headline:

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

Requests via Facebook Messenger lead to hijacked business accounts

account hijacking, Don't miss, Facebook, Facebook Messenger, Guardio, Hot stuff, Malware, News, phishing / SecurityTicks

Requests via Facebook Messenger lead to hijacked business accounts 12/09/2023 at 13:32 By Zeljka Zorz Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijacked Facebook business accounts a great way to

React to this headline:

Requests via Facebook Messenger lead to hijacked business accounts Read More »

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability / SecurityTicks

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) 12/09/2023 at 12:47 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file

React to this headline:

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) Read More »

17 free AWS cybersecurity courses you can take right now

Amazon Web Services, AWS, cloud security, Don't miss, Hot stuff, how-to, News, skill development, strategy, tips / SecurityTicks

17 free AWS cybersecurity courses you can take right now 12/09/2023 at 08:02 By Help Net Security Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations.

React to this headline:

17 free AWS cybersecurity courses you can take right now Read More »

Strategies for harmonizing DevSecOps and AI

Artificial Intelligence, Compliance, cybersecurity, DevSecOps, Digital.ai, Don't miss, Hot stuff, opinion, Video / SecurityTicks

Strategies for harmonizing DevSecOps and AI 12/09/2023 at 07:32 By Help Net Security The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive security strategy.

React to this headline:

Strategies for harmonizing DevSecOps and AI Read More »

CIS SecureSuite membership: Leverage best practices to improve cybersecurity

Center for Internet Security, Don't miss, Hot stuff, Video / SecurityTicks

CIS SecureSuite membership: Leverage best practices to improve cybersecurity 12/09/2023 at 05:45 By Help Net Security Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to

React to this headline:

CIS SecureSuite membership: Leverage best practices to improve cybersecurity Read More »

Microsoft Teams users targeted in phishing attack delivering DarkGate malware

Don't miss, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, phishing / SecurityTicks

Microsoft Teams users targeted in phishing attack delivering DarkGate malware 11/09/2023 at 13:31 By Helga Labus A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts

React to this headline:

Microsoft Teams users targeted in phishing attack delivering DarkGate malware Read More »

The blueprint for a highly effective EASM solution

Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, misconfiguration, monitoring, News, opinion, remediation, SaaS, shadow IT, SIEM, Threat Intelligence, Uncovery, vulnerability / SecurityTicks

The blueprint for a highly effective EASM solution 11/09/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden

React to this headline:

The blueprint for a highly effective EASM solution Read More »