Hot stuff - Security Ticks

43 million workers potentially affected in France Travail data breach

data breach, data theft, Don't miss, EU, France, Government, Hot stuff, News / SecurityTicks

43 million workers potentially affected in France Travail data breach 2024-03-18 at 10:29 By Helga Labus French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The breach The agencies […]

React to this headline:

43 million workers potentially affected in France Travail data breach Read More »

AI and the future of corporate security

access control, Artificial Intelligence, cybersecurity, Don't miss, Everbridge, fraud, Hot stuff, Insider Threat, threats, Video / SecurityTicks

AI and the future of corporate security 2024-03-15 at 06:30 By Help Net Security In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities. The post AI

React to this headline:

AI and the future of corporate security Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability / SecurityTicks

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

React to this headline:

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve, backup, disaster recovery, Don't miss, enterprise, exploit, Hot stuff, News, PoC, SMBs, Tenable / SecurityTicks

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) 2024-03-14 at 13:00 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as

React to this headline:

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) Read More »

MobSF: Open-source security research platform for mobile apps

Android, code analysis, cybersecurity, Don't miss, GitHub, Hot stuff, iOS, mobile, mobile apps, mobile devices, News, open source, software / SecurityTicks

MobSF: Open-source security research platform for mobile apps 2024-03-14 at 07:30 By Mirko Zorz The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept

React to this headline:

MobSF: Open-source security research platform for mobile apps Read More »

How teams can improve incident recovery time to minimize damages

automation, communication, cyberattacks, cybersecurity, disaster recovery, Don't miss, Hot stuff, Incident Response, ShadowHQ, Video / SecurityTicks

How teams can improve incident recovery time to minimize damages 2024-03-14 at 06:30 By Help Net Security With breach recovery costs skyrocketing, speeding time to recovery to minimize downtime and losses should be top of mind for security leaders. Yet, most focus on adding more prevention and detection tools. In this Help Net Security video,

React to this headline:

How teams can improve incident recovery time to minimize damages Read More »

The effects of law enforcement takedowns on the ransomware landscape

botnet, Don't miss, Hot stuff, law enforcement, News, Ransomware, RedSense, Symantec, trends / SecurityTicks

The effects of law enforcement takedowns on the ransomware landscape 2024-03-13 at 17:03 By Zeljka Zorz While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation

React to this headline:

The effects of law enforcement takedowns on the ransomware landscape Read More »

BSAM: Open-source methodology for Bluetooth security assessment

Bluetooth, Bluetooth Low Energy, consumer, Don't miss, enterprise, Hot stuff, News, security auditing, SMBs, Tarlogic, vulnerability, wireless / SecurityTicks

BSAM: Open-source methodology for Bluetooth security assessment 2024-03-13 at 08:39 By Zeljka Zorz Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were real tests

React to this headline:

BSAM: Open-source methodology for Bluetooth security assessment Read More »

LastPass’ CIO vision for driving business strategy, innovation

Artificial Intelligence, CIO, cybersecurity, data management, digital transformation, Don't miss, Features, Hot stuff, LastPass, News, opinion, Privacy, regulation, strategy, tips / SecurityTicks

LastPass’ CIO vision for driving business strategy, innovation 2024-03-13 at 08:39 By Mirko Zorz Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. It was the perfect time for Help Net Security to find out what’s next for Siddiqui in his new role

React to this headline:

LastPass’ CIO vision for driving business strategy, innovation Read More »

The most concerning risks for 2024 and beyond

Artificial Intelligence, attacks, burnout, cloud security, Compliance, cybersecurity, Don't miss, generative AI, Hot stuff, Incident Response, Ransomware, risk, Tanium, Video / SecurityTicks

The most concerning risks for 2024 and beyond 2024-03-13 at 07:13 By Help Net Security In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective. The post The most concerning risks for 2024 and beyond

React to this headline:

The most concerning risks for 2024 and beyond Read More »

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows / SecurityTicks

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V 2024-03-12 at 22:11 By Zeljka Zorz On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the

React to this headline:

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows / SecurityTicks

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

React to this headline:

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

How advances in AI are impacting business cybersecurity

access control, Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Forcepoint, Hot stuff, News, opinion, policy, risk / SecurityTicks

How advances in AI are impacting business cybersecurity 2024-03-12 at 07:52 By Help Net Security While ChatGPT and Bard have proven to be valuable tools for developers, marketers, and consumers, they also carry the risk of unintentionally exposing sensitive and confidential data. From a security point of view, it always pays to think one step

React to this headline:

How advances in AI are impacting business cybersecurity Read More »

Cybersecurity jobs available right now: March 12, 2024

cybersecurity jobs, Don't miss, Hot stuff, News / SecurityTicks

Cybersecurity jobs available right now: March 12, 2024 2024-03-12 at 07:52 By Mirko Zorz CISO / Head of Enterprise IT Stitch Fix | USA | Remote – View job details Reporting directly to the Chief Product and Technology Officer, you will oversee all aspects of information security, including cloud security, DevSecOps, security operations, and security

React to this headline:

Cybersecurity jobs available right now: March 12, 2024 Read More »

Tax-related scams escalate as filing deadline approaches

Cisco, Don't miss, fraud, Hot stuff, identity theft, IRS, Malwarebytes, News, scams, tax e-filing, trends, USA, Webroot / SecurityTicks

Tax-related scams escalate as filing deadline approaches 2024-03-12 at 07:18 By Helga Labus As the April 15, 2024 tax filing deadline approaches in the US, some old and some new tax-related scams targeting both taxpayers and tax professionals. Tax-related scams targeting taxpayers With taxpayers rushing to file their personal federal income tax return, scammers are

React to this headline:

How organizations can keep up with shifting data privacy regulations

Compliance, cybersecurity, data, digital transformation, Don't miss, Encryption, Hot stuff, key management, Privacy, regulation, Thales, Video / SecurityTicks

How organizations can keep up with shifting data privacy regulations 2024-03-12 at 06:31 By Help Net Security With no sign of regulations slowing down, enterprises struggle to keep pace with the rapid changes. According to a recent NTT Data survey of business executives, 3 in 4 organizations can’t keep up with data regulations, holding them

React to this headline:

How organizations can keep up with shifting data privacy regulations Read More »

Microsoft: Russian hackers accessed internal systems, code repositories

account hijacking, APT, brute-force, Don't miss, government-backed attacks, Hot stuff, IBM X-Force, Microsoft, News / SecurityTicks

Microsoft: Russian hackers accessed internal systems, code repositories 2024-03-11 at 14:14 By Zeljka Zorz Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company’s source code repositories and internal systems. “It is apparent that

React to this headline:

Microsoft: Russian hackers accessed internal systems, code repositories Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development / SecurityTicks

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

React to this headline:

Transitioning to memory-safe languages: Challenges and considerations Read More »

10 free cybersecurity guides you might have missed

CISA, CISO, critical infrastructure, cyber resilience, Department of Defense, Don't miss, Government, guide, Hot stuff, how-to, News, phishing, Ransomware, skill development, SMBs, strategy, tips, USA / SecurityTicks

10 free cybersecurity guides you might have missed 2024-03-11 at 09:07 By Help Net Security This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,

React to this headline:

10 free cybersecurity guides you might have missed Read More »

Email security trends in the energy and infrastructure sector

Abnormal Security, attacks, BEC scams, critical infrastructure, cybersecurity, Don't miss, Email, email security, energy sector, Hot stuff, risk, Video / SecurityTicks

Email security trends in the energy and infrastructure sector 2024-03-11 at 09:07 By Help Net Security In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023

React to this headline:

Email security trends in the energy and infrastructure sector Read More »