Hot stuff - Security Ticks

How organizations can keep up with shifting data privacy regulations

Compliance, cybersecurity, data, digital transformation, Don't miss, Encryption, Hot stuff, key management, Privacy, regulation, Thales, Video / SecurityTicks

How organizations can keep up with shifting data privacy regulations 2024-03-12 at 06:31 By Help Net Security With no sign of regulations slowing down, enterprises struggle to keep pace with the rapid changes. According to a recent NTT Data survey of business executives, 3 in 4 organizations can’t keep up with data regulations, holding them […]

React to this headline:

How organizations can keep up with shifting data privacy regulations Read More »

Microsoft: Russian hackers accessed internal systems, code repositories

account hijacking, APT, brute-force, Don't miss, government-backed attacks, Hot stuff, IBM X-Force, Microsoft, News / SecurityTicks

Microsoft: Russian hackers accessed internal systems, code repositories 2024-03-11 at 14:14 By Zeljka Zorz Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company’s source code repositories and internal systems. “It is apparent that

React to this headline:

Microsoft: Russian hackers accessed internal systems, code repositories Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development / SecurityTicks

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

React to this headline:

Transitioning to memory-safe languages: Challenges and considerations Read More »

10 free cybersecurity guides you might have missed

CISA, CISO, critical infrastructure, cyber resilience, Department of Defense, Don't miss, Government, guide, Hot stuff, how-to, News, phishing, Ransomware, skill development, SMBs, strategy, tips, USA / SecurityTicks

10 free cybersecurity guides you might have missed 2024-03-11 at 09:07 By Help Net Security This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,

React to this headline:

10 free cybersecurity guides you might have missed Read More »

Email security trends in the energy and infrastructure sector

Abnormal Security, attacks, BEC scams, critical infrastructure, cybersecurity, Don't miss, Email, email security, energy sector, Hot stuff, risk, Video / SecurityTicks

Email security trends in the energy and infrastructure sector 2024-03-11 at 09:07 By Help Net Security In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023

React to this headline:

Email security trends in the energy and infrastructure sector Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software / SecurityTicks

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

React to this headline:

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

access point, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs, VPN, vulnerability / SecurityTicks

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

React to this headline:

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

March 2024 Patch Tuesday forecast: A popular framework updated

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, News, patch, Patch Tuesday, security update / SecurityTicks

March 2024 Patch Tuesday forecast: A popular framework updated 2024-03-08 at 08:47 By Help Net Security We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch

React to this headline:

March 2024 Patch Tuesday forecast: A popular framework updated Read More »

Immediate AI risks and tomorrow’s dangers

Artificial Intelligence, BSidesZG, ChatGPT, cyber risk, cyberattack, Don't miss, generative AI, GitGuardian, Hot stuff, LLMs, News, threat / SecurityTicks

Immediate AI risks and tomorrow’s dangers 2024-03-08 at 08:37 By Helga Labus “At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impact of fishing, smishing and vishing attacks since

React to this headline:

Immediate AI risks and tomorrow’s dangers Read More »

Leveraging AI and automation for enhanced cloud communication security

Artificial Intelligence, authentication, automation, Cloud, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, machine learning, News, opinion, threat detection, Vonage / SecurityTicks

Leveraging AI and automation for enhanced cloud communication security 2024-03-08 at 07:32 By Mirko Zorz In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and

React to this headline:

Leveraging AI and automation for enhanced cloud communication security Read More »

Securing the future: Addressing cybersecurity challenges in the education sector

credentials, cybersecurity, dark web, Don't miss, education, Email, Hot stuff, Ransomware, Trustwave, Video / SecurityTicks

Securing the future: Addressing cybersecurity challenges in the education sector 2024-03-08 at 07:03 By Help Net Security In this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students. Key findings from a recent Trustwave report include: – 1.8

React to this headline:

Securing the future: Addressing cybersecurity challenges in the education sector Read More »

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Don't miss, Hot stuff, News, sandbox, security update, VMWare, vulnerability / SecurityTicks

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation 2024-03-07 at 15:07 By Helga Labus VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi

React to this headline:

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation Read More »

Web-based PLC malware: A new potential threat to critical infrastructure

Don't miss, Hot stuff, ICS/SCADA, Malware, News, PLC, research, web application security / SecurityTicks

Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets

React to this headline:

Web-based PLC malware: A new potential threat to critical infrastructure Read More »

Major shifts in identity, ransomware, and critical infrastructure threat trends

critical infrastructure, cybersecurity, Don't miss, Hot stuff, IBM X-Force, identity, Ransomware, threat, Video / SecurityTicks

Major shifts in identity, ransomware, and critical infrastructure threat trends 2024-03-07 at 07:20 By Help Net Security In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how

React to this headline:

Major shifts in identity, ransomware, and critical infrastructure threat trends Read More »

A cybercriminal is sentenced, will it make a difference?

Cynet, Don't miss, Hot stuff, News / SecurityTicks

A cybercriminal is sentenced, will it make a difference? 2024-03-07 at 06:03 By Help Net Security The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The

React to this headline:

A cybercriminal is sentenced, will it make a difference? Read More »

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update / SecurityTicks

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) 2024-03-06 at 11:45 By Zeljka Zorz Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for

React to this headline:

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) Read More »

5 ways to keep API integrations secure

API security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Merge, News, opinion, SIEM, software, update / SecurityTicks

5 ways to keep API integrations secure 2024-03-06 at 08:20 By Help Net Security API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security measures.

React to this headline:

5 ways to keep API integrations secure Read More »

RiskInDroid: Open-source risk analysis of Android apps

Android, code analysis, Don't miss, GitHub, Hot stuff, News, open source, scanning, software / SecurityTicks

RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s

React to this headline:

RiskInDroid: Open-source risk analysis of Android apps Read More »

Navigating regulation challenges for protecting sensitive healthcare data

ClearDATA, cybersecurity, data, Data Protection, Don't miss, healthcare, Hot stuff, Privacy, regulation, Video / SecurityTicks

Navigating regulation challenges for protecting sensitive healthcare data 2024-03-06 at 07:10 By Help Net Security In this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users. As more and more Americans flock to direct-to-consumer digital health apps and resources, most people don’t

React to this headline:

Navigating regulation challenges for protecting sensitive healthcare data Read More »

How to create an efficient governance control program

Center for Internet Security, CISO, Don't miss, Hot stuff, how-to, News, strategy, tips / SecurityTicks

How to create an efficient governance control program 2024-03-06 at 06:31 By Help Net Security Your success as an organization, especially in the cyber realm, depends on your security posture. To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help

React to this headline:

How to create an efficient governance control program Read More »