Hot stuff

MISP: Open-source threat intelligence and sharing platform

Don't miss, GitHub, Hot stuff, malware analysis, News, open source, SIEM, software, Threat Intelligence /

MISP: Open-source threat intelligence and sharing platform 2024-08-05 at 07:01 By Help Net Security MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis. MISP is designed by and for cybersecurity, ICT professionals, and malware reversers to support their daily […]

MISP: Open-source threat intelligence and sharing platform Read More »

How life sciences companies use AI to fill the cybersecurity skills gap

Artificial Intelligence, Code42, cybersecurity, Don't miss, Hot stuff, skill development, Video /

How life sciences companies use AI to fill the cybersecurity skills gap 2024-08-05 at 06:31 By Help Net Security In this Help Net Security video, Beth Miller, Field CISO at Code42, highlights a significant trend: 73% of life sciences companies turn to AI to address the cybersecurity skills gap, surpassing adoption rates in other industries.

How life sciences companies use AI to fill the cybersecurity skills gap Read More »

Threat intelligence: A blessing and a curse?

automation, cybersecurity, Cyware, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Threat Intelligence /

Threat intelligence: A blessing and a curse? 2024-08-01 at 07:31 By Help Net Security Access to timely and accurate threat intelligence is now core to security operations for many organizations. Today, it seems that security teams are blessed with an abundance of data and intelligence feeds to choose from. However, selecting the right information from

Threat intelligence: A blessing and a curse? Read More »

Why CISOs face greater personal liability

CISO, communication, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Insurance, News, opinion, Veritas Technologies /

Why CISOs face greater personal liability 2024-08-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Christos Tulumba, CISO at Veritas Technologies, discusses the key factors contributing to increased personal liability risks for CISOs. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches. Tulumba also

Why CISOs face greater personal liability Read More »

Practical strategies to mitigate risk and secure SAP environments

cybersecurity, Don't miss, Hot stuff, Onapsis, Video /

Practical strategies to mitigate risk and secure SAP environments 2024-08-01 at 06:31 By Help Net Security Large companies use ERP applications to manage business processes, including payroll and financial planning. This is precisely why bad actors are taking a renewed interest in these legacy systems – and succeeding. In this Help Net Security video, JP

Practical strategies to mitigate risk and secure SAP environments Read More »

Microsoft: DDoS defense error amplified attack on Azure, leading to outage

botnet, DDoS, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, News /

Microsoft: DDoS defense error amplified attack on Azure, leading to outage 2024-07-31 at 13:46 By Zeljka Zorz A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft’s mitigation statement on the Azure status history page Microsoft Azure, 365 outage triggered

Microsoft: DDoS defense error amplified attack on Azure, leading to outage Read More »

What CISOs need to keep CEOs (and themselves) out of jail

CEO, CISO, communication, cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, monitoring, News, opinion, security controls /

What CISOs need to keep CEOs (and themselves) out of jail 2024-07-31 at 07:32 By Help Net Security Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity

What CISOs need to keep CEOs (and themselves) out of jail Read More »

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave

Don't miss, GitHub, Hot stuff, macOS, News, open source, software /

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave 2024-07-31 at 07:02 By Help Net Security Secretive is an open-source, user-friendly app designed to store and manage SSH keys within the Secure Enclave. Typically, SSH keys are stored on disk with appropriate permissions, which is usually sufficient. However, it’s not overly

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave Read More »

Leveraging dynamic configuration for seamless and compliant software changes

Artificial Intelligence, code, Compliance, configuration management, cybersecurity, Don't miss, Features, Hot stuff, Lekko, News, opinion, regulation, risk assessment /

Leveraging dynamic configuration for seamless and compliant software changes 2024-07-31 at 06:01 By Mirko Zorz In this Help Net Security interview, Konrad Niemiec, CEO and Founder of Lekko, discusses the benefits of dynamic configuration in preventing system outages and enabling faster response times during incidents. Niemiec explains how dynamic configuration evolves feature flagging, supports operational

Leveraging dynamic configuration for seamless and compliant software changes Read More »

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

CVE, Don't miss, enterprise, Hot stuff, Microsoft, News, Ransomware, virtualization, VMWare, vulnerability /

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) 2024-07-30 at 14:01 By Zeljka Zorz Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner Broadcom has released a fix for CVE-2024-37085 on

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) Read More »

Review: Action1 – Simple and powerful patch management

Action1, cybersecurity, Don't miss, Hot stuff, MFA, News, patching, Review, Reviews, SaaS, software /

Review: Action1 – Simple and powerful patch management 2024-07-30 at 07:16 By Help Net Security Although endpoint anti-malware and other security controls are now standard at the operating system level, keeping all endpoint software up-to-date and secure remains an open issue for many organizations. Patch management is not yet a commodity, and substantial improvements can

Review: Action1 – Simple and powerful patch management Read More »

Securing remote access to mission-critical OT assets

Claroty, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote access, threats /

Securing remote access to mission-critical OT assets 2024-07-30 at 07:01 By Mirko Zorz In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments. Geyer also addresses the challenges and solutions for securing remote access to critical

Securing remote access to mission-critical OT assets Read More »

Coding practices: The role of secure programming languages

Don't miss, Hot stuff, News, NIST, software development, tips /

Coding practices: The role of secure programming languages 2024-07-30 at 06:31 By Mirko Zorz Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities. The Software

Coding practices: The role of secure programming languages Read More »

Some good may come out of the CrowdStrike outage

Bitdefender, CrowdStrike, Don't miss, Endpoint Security, Fortinet, fraud, Hot stuff, Malware, Microsoft, News, SecureWorks, Trellix, UpGuard, Windows /

Some good may come out of the CrowdStrike outage 2024-07-29 at 19:31 By Zeljka Zorz Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. Some silver linings As CrowdStrike was forced to explain,

Some good may come out of the CrowdStrike outage Read More »

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)

Acronis, CVE, Don't miss, Hot stuff, MSP, News, storage, vulnerability /

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) 2024-07-29 at 15:46 By Zeljka Zorz CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology company. Acronis Cyber Infrastructure (ACI) is an IT

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) Read More »

eBook: 20 tips for secure cloud migration

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars /

eBook: 20 tips for secure cloud migration 2024-07-29 at 13:16 By Help Net Security More organizations rely on cloud platforms to reap the benefits of scalability, flexibility, availability, and reduced costs. However, cloud environments come with security challenges and vulnerabilities. The Thales 2020 Data Threat Report indicates that 49% of global respondents experienced a breach

eBook: 20 tips for secure cloud migration Read More »

Microsoft 365 users targeted by phishers abusing Microsoft Forms

Adobe, Don't miss, Hot stuff, Microsoft 365, News, Perception Point, phishing /

Microsoft 365 users targeted by phishers abusing Microsoft Forms 2024-07-29 at 12:16 By Zeljka Zorz There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. A malicious Microsoft form (Source: Perception Point) Malicious forms leading to phishing pages impersonating Microsoft 365

Microsoft 365 users targeted by phishers abusing Microsoft Forms Read More »

Enhancing threat detection for GenAI workloads with cloud attack emulation

Cloud, cloud security, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Mitigant, News, opinion, threat detection /

Enhancing threat detection for GenAI workloads with cloud attack emulation 2024-07-29 at 08:01 By Help Net Security Cloud GenAI workloads inherit pre-existing cloud security challenges, and security teams must proactively evolve innovative security countermeasures, including threat detection mechanisms. Traditional cloud threat detection Threat detection systems are designed to allow early detection of potential security breaches;

Enhancing threat detection for GenAI workloads with cloud attack emulation Read More »

Cirrus: Open-source Google Cloud forensic collection

cloud security, computer forensics, cybersecurity, digital forensics, Don't miss, GitHub, Hot stuff, News, open source, software, Sygnia /

Cirrus: Open-source Google Cloud forensic collection 2024-07-29 at 07:16 By Mirko Zorz Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization’s security posture. Key features

Cirrus: Open-source Google Cloud forensic collection Read More »

Why a strong patch management strategy is essential for reducing business risk

cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, patching, Qualys /

Why a strong patch management strategy is essential for reducing business risk 2024-07-29 at 07:01 By Mirko Zorz In this Help Net Security interview, Eran Livne, Senior Director of Product Management, Endpoint Remediation at Qualys and Thomas Scheffler, Security Operations Manager of Cintas Corporation, discuss their experiences with automated patch management. Scheffler details how Cintas

Why a strong patch management strategy is essential for reducing business risk Read More »

Scroll to Top