Hot stuff - Security Ticks

The effect of omission bias on vulnerability management

cyber resilience, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, patching, remediation, trackd, vulnerability management / SecurityTicks

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management. […]

React to this headline:

The effect of omission bias on vulnerability management Read More »

10 USA cybersecurity conferences you should visit in 2024

conferences, Don't miss, Hot stuff, News, USA / SecurityTicks

10 USA cybersecurity conferences you should visit in 2024 2024-01-24 at 08:01 By Help Net Security Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an

React to this headline:

10 USA cybersecurity conferences you should visit in 2024 Read More »

Prioritizing CIS Controls for effective cybersecurity across organizations

Center for Internet Security, CISO, cybersecurity, Don't miss, Features, framework, GRC, Hot stuff, News, opinion, standards, strategy, tips, Virginia Tech / SecurityTicks

Prioritizing CIS Controls for effective cybersecurity across organizations 2024-01-24 at 07:32 By Mirko Zorz In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and

React to this headline:

Prioritizing CIS Controls for effective cybersecurity across organizations Read More »

Why resilience leaders must prepare for polycrises

cyber resilience, cybersecurity, Don't miss, Hot stuff, hybrid workforce, Infinite Blue, supply chain, threats, Video / SecurityTicks

Why resilience leaders must prepare for polycrises 2024-01-24 at 07:02 By Help Net Security In this Help Net Security video, Frank Shultz, CEO of Infinite Blue, discusses how more frequent and severe disruptions and our increasingly interconnected world collide to create a new threat for resilience leaders to manage: polycrises. These multiple concurrent or cascading

React to this headline:

Why resilience leaders must prepare for polycrises Read More »

Apple debuts new feature to frustrate iPhone thieves

account protection, apple, Don't miss, Hot stuff, iOS, iPhone, mobile security, News, theft / SecurityTicks

Apple debuts new feature to frustrate iPhone thieves 2024-01-23 at 16:31 By Zeljka Zorz Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive information in case your iPhone gets stolen. Stolen Device Protection If enabled, the Stolen

React to this headline:

Apple debuts new feature to frustrate iPhone thieves Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update / SecurityTicks

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

React to this headline:

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

Data of 15 million Trello users scraped and offered for sale

data breach, Data leak, Don't miss, Hot stuff, News, Trello, web application / SecurityTicks

Data of 15 million Trello users scraped and offered for sale 2024-01-23 at 13:16 By Zeljka Zorz Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The database dump “contains emails, usernames, full names and other account

React to this headline:

Data of 15 million Trello users scraped and offered for sale Read More »

Why cyberattacks mustn’t be kept secret

cyberattacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, HackerOne, Hot stuff, News, opinion, regulation / SecurityTicks

Why cyberattacks mustn’t be kept secret 2024-01-23 at 08:01 By Help Net Security No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third

React to this headline:

Why cyberattacks mustn’t be kept secret Read More »

Beyond blockchain: Strategies for seamless digital asset integration

access management, blockchain, Cryptocurrency, cybersecurity, digital wallet, Don't miss, Features, financial industry, Hot stuff, identity management, Innovation, key management, News, opinion, regulation, Taurus, threats, tokenization / SecurityTicks

Beyond blockchain: Strategies for seamless digital asset integration 2024-01-23 at 07:31 By Mirko Zorz In this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Looking ahead, Aumasson predicts that the

React to this headline:

Beyond blockchain: Strategies for seamless digital asset integration Read More »

Top cybersecurity concerns for the upcoming elections

Arctic Wolf Networks, cybersecurity, deepfakes, Don't miss, Government, hacking, Hot stuff, phishing, Video / SecurityTicks

Top cybersecurity concerns for the upcoming elections 2024-01-23 at 07:01 By Help Net Security In this Help Net Security video, Adam Marrè, CISO at Arctic Wolf, explains how state and local governments must focus on cybersecurity as the 2024 election approaches in the United States. State and local IT and cybersecurity teams usually have few

React to this headline:

Top cybersecurity concerns for the upcoming elections Read More »

Attackers can steal NTLM password hashes via calendar invites

authentication, Don't miss, enterprise, Hot stuff, News, Outlook, passwords, SMBs, Varonis, vulnerability, Windows / SecurityTicks

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

React to this headline:

Attackers can steal NTLM password hashes via calendar invites Read More »

Tietoevry ransomware attack halts Swedish organizations

cyberattack, Don't miss, EU, Hot stuff, News, Ransomware / SecurityTicks

Tietoevry ransomware attack halts Swedish organizations 2024-01-22 at 13:16 By Helga Labus Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack The ransomware attack took place during the night of January 19-20. “The attack was limited to one part

React to this headline:

Tietoevry ransomware attack halts Swedish organizations Read More »

New method to safeguard against mobile account takeovers

apple, attacks, cybersecurity, Don't miss, Hot stuff, iPhone, mobile apps, mobile devices, mobile security, News, Samsung, Xiaomi / SecurityTicks

New method to safeguard against mobile account takeovers 2024-01-22 at 13:01 By Help Net Security Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosystem of interconnected

React to this headline:

New method to safeguard against mobile account takeovers Read More »

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

Axonius, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, regulation, Risk Management, strategy / SecurityTicks

Without clear guidance, SEC’s new rule on incident reporting may be detrimental 2024-01-22 at 08:01 By Help Net Security The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new

React to this headline:

Without clear guidance, SEC’s new rule on incident reporting may be detrimental Read More »

The reality of hacking threats in connected car systems

automotive security, car hacking, Compliance, connected cars, cyber risk, cybersecurity, data theft, Don't miss, Features, Hot stuff, IOActive, News, opinion, regulation, standards, supply chain / SecurityTicks

The reality of hacking threats in connected car systems 2024-01-22 at 07:31 By Mirko Zorz With the integration of sophisticated technologies like over-the-air updates and increased data connectivity, cars are no longer just modes of transportation but also hubs of personal and operational data. This shift brings forth unique cybersecurity challenges, ranging from hacking and

React to this headline:

The reality of hacking threats in connected car systems Read More »

Out with the old and in with the improved: MFA needs a revamp

Acronis, authentication, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, MFA, News, opinion, phishing, zero trust / SecurityTicks

Out with the old and in with the improved: MFA needs a revamp 2024-01-19 at 08:02 By Help Net Security From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This can

React to this headline:

Out with the old and in with the improved: MFA needs a revamp Read More »

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Border0, database security, Don't miss, extortion, Hot stuff, Intruder, MariaDB, MongoDB, MySQL, News, PostgreSQL / SecurityTicks

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot 2024-01-18 at 17:03 By Zeljka Zorz Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but

React to this headline:

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot Read More »

Attribute-based encryption could spell the end of data compromise

cybersecurity, data, Don't miss, Encryption, Expert analysis, Expert corner, hacking contest, Hot stuff, News, NTT Research, opinion, Privacy, surveillance / SecurityTicks

Attribute-based encryption could spell the end of data compromise 2024-01-18 at 08:02 By Help Net Security The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access

React to this headline:

Attribute-based encryption could spell the end of data compromise Read More »

Ransomware negotiation: When cybersecurity meets crisis management

attacks, cyber insurance, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, opinion, Ransomware, regulation, strategy, Tanium / SecurityTicks

Ransomware negotiation: When cybersecurity meets crisis management 2024-01-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will

React to this headline:

Ransomware negotiation: When cybersecurity meets crisis management Read More »

The power of AI in cybersecurity

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, generative AI, Hot stuff, machine learning, News, threat detection / SecurityTicks

The power of AI in cybersecurity 2024-01-18 at 06:31 By Helga Labus The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity. AI as a powerful cybersecurity tool As organizations handle increasing amounts of data daily, AI offers advanced capabilities that

React to this headline:

The power of AI in cybersecurity Read More »