Hot stuff

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

authentication, Don't miss, Hot stuff, initial access broker, News, phishing, Proofpoint, Varonis, Windows /

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain […]

React to this headline:

Loading spinner

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »

Why cyber maturity assessment should become standard practice

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Prism Infosec, risk, risk assessment, security controls /

Why cyber maturity assessment should become standard practice 2024-03-05 at 08:05 By Help Net Security Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to

React to this headline:

Loading spinner

Why cyber maturity assessment should become standard practice Read More »

3 free data protection regulation courses you can take right now

Data Protection, Don't miss, EU, GDPR, Government, Hot stuff, News, regulation, skill development /

3 free data protection regulation courses you can take right now 2024-03-05 at 07:31 By Help Net Security Increasingly, information about us, and even by us, is being processed. Even mundane or insignificant details can be combined and linked with other data in a manner that may intrude upon or pose a risk to our

React to this headline:

Loading spinner

3 free data protection regulation courses you can take right now Read More »

Secure your hybrid workforce: The advantages of encrypted storage

Compliance, cybersecurity, data security, Don't miss, Encryption, Hot stuff, hybrid workforce, Kingston Digital, regulation, storage, Video /

Secure your hybrid workforce: The advantages of encrypted storage 2024-03-05 at 07:02 By Help Net Security In this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces. He talks about the differences between software and hardware encryption, why it’s important,

React to this headline:

Loading spinner

Secure your hybrid workforce: The advantages of encrypted storage Read More »

What organizations need to know about the Digital Operational Resilience Act (DORA)

auditing, Compliance, cybersecurity, Don't miss, EU, Features, Hot stuff, Kyndryl, News, opinion, penetration testing, regulation, resilience, Risk Management /

What organizations need to know about the Digital Operational Resilience Act (DORA) 2024-03-05 at 06:31 By Mirko Zorz In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity.

React to this headline:

Loading spinner

What organizations need to know about the Digital Operational Resilience Act (DORA) Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

GitHub push protection now on by default for public repositories

Data leak, Don't miss, GitHub, Hot stuff, News, open source /

GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret

React to this headline:

Loading spinner

GitHub push protection now on by default for public repositories Read More »

Phishers target FCC, crypto holders via fake Okta SSO pages

Cryptocurrency, Don't miss, fcc, Hot stuff, Lookout, News, Okta, phishing, SSO /

Phishers target FCC, crypto holders via fake Okta SSO pages 2024-03-04 at 14:46 By Helga Labus A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be

React to this headline:

Loading spinner

Phishers target FCC, crypto holders via fake Okta SSO pages Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

React to this headline:

Loading spinner

Securing software repositories leads to better OSS security Read More »

PyRIT: Open-source framework to find risks in generative AI systems

Adversa AI, AppOmni, Artificial Intelligence, cybersecurity, Don't miss, generative AI, Hot stuff, Microsoft, News, open source, Python, red team, software /

PyRIT: Open-source framework to find risks in generative AI systems 2024-03-04 at 08:02 By Mirko Zorz Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection

React to this headline:

Loading spinner

PyRIT: Open-source framework to find risks in generative AI systems Read More »

Integrating software supply chain security in DevSecOps CI/CD pipelines

cybersecurity, DevSecOps, Don't miss, Endor Labs, framework, guidelines, Hot stuff, NIST, supply chain, Video /

Integrating software supply chain security in DevSecOps CI/CD pipelines 2024-03-04 at 07:01 By Help Net Security NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to

React to this headline:

Loading spinner

Integrating software supply chain security in DevSecOps CI/CD pipelines Read More »

New compensation trends in the cybersecurity sector

Artico Search, cybersecurity, Don't miss, education, Hot stuff, IANS, News, report, survey /

New compensation trends in the cybersecurity sector 2024-03-04 at 06:31 By Help Net Security For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple security

React to this headline:

Loading spinner

New compensation trends in the cybersecurity sector Read More »

JCDC’s strategic shift: Prioritizing cyber hardening

APT, Artificial Intelligence, CISA, critical infrastructure, cybersecurity, Don't miss, Features, Government, Hot stuff, NCSC, News, opinion, Ransomware, strategy, Xage Security /

JCDC’s strategic shift: Prioritizing cyber hardening 2024-03-01 at 08:01 By Mirko Zorz In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies

React to this headline:

Loading spinner

JCDC’s strategic shift: Prioritizing cyber hardening Read More »

Key areas that will define the intersection of AI and DevOps

Artificial Intelligence, Compliance, cybersecurity, DevOps, Don't miss, Eficode, framework, generative AI, Hot stuff, policy, regulation, Video /

Key areas that will define the intersection of AI and DevOps 2024-03-01 at 07:33 By Help Net Security Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations’

React to this headline:

Loading spinner

Key areas that will define the intersection of AI and DevOps Read More »

Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site

Don't miss, hospitality industry, Hot stuff, Malwarebytes, News, scams, social engineering, URL shorteners /

Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site 2024-02-29 at 16:19 By Helga Labus Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money. The Airbnb scam Malwarebytes researchers came across the Airbnb scam when trying to book an

React to this headline:

Loading spinner

Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site Read More »

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack

CISA, cyberattack, Don't miss, FBI, healthcare, Hot stuff, News, Ransomware /

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack 2024-02-29 at 14:46 By Helga Labus The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back Last December, US

React to this headline:

Loading spinner

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack Read More »

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels

Don't miss, Hot stuff, Kali Linux, News, OffSec, penetration testing /

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels 2024-02-29 at 12:35 By Zeljka Zorz OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform. The new version comes with new tools, a fresh look (themes, wallpapers and icons for Kali and Kali Purple),

React to this headline:

Loading spinner

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels Read More »

BobTheSmuggler: Open-source tool for undetectable payload delivery

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

BobTheSmuggler: Open-source tool for undetectable payload delivery 2024-02-29 at 08:03 By Mirko Zorz BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding

React to this headline:

Loading spinner

BobTheSmuggler: Open-source tool for undetectable payload delivery Read More »

How organizations can navigate identity security risks in 2024

access management, authentication, CISO, cloud security, cybersecurity, Don't miss, Features, Hot stuff, hybrid IT, identity management, News, opinion, SaaS, strategy, tips, Zilla Security /

How organizations can navigate identity security risks in 2024 2024-02-29 at 07:34 By Mirko Zorz Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks

React to this headline:

Loading spinner

How organizations can navigate identity security risks in 2024 Read More »

Inside the book: Androids – The Team That Built the Android Operating System

Android, book, cybersecurity, Don't miss, Google, Hot stuff, No Starch Press, open source, operating system, Video /

Inside the book: Androids – The Team That Built the Android Operating System 2024-02-29 at 07:03 By Help Net Security In 2004, Android was two people who wanted to build camera software but couldn’t get investors interested. Android is a large team at Google today, delivering an OS to over 3 billion devices worldwide. In

React to this headline:

Loading spinner

Inside the book: Androids – The Team That Built the Android Operating System Read More »

Scroll to Top