Hot stuff - Security Ticks

Strategies for CISOs navigating hybrid and multi-cloud security

CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Mirantis, misconfiguration, News, opinion, regulation, tips / SecurityTicks

Strategies for CISOs navigating hybrid and multi-cloud security 2024-11-11 at 07:11 By Mirko Zorz In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent security […]

React to this headline:

Strategies for CISOs navigating hybrid and multi-cloud security Read More »

Setting a security standard: From vulnerability to exposure management

cybersecurity, CyCognito, Don't miss, Hot stuff, Risk Management, security standard, Video / SecurityTicks

Setting a security standard: From vulnerability to exposure management 2024-11-11 at 06:36 By Help Net Security Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average

React to this headline:

Setting a security standard: From vulnerability to exposure management Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability / SecurityTicks

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

Apple’s 45-day certificate proposal: A call to action

apple, certificates, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, opinion, Venafi / SecurityTicks

Apple’s 45-day certificate proposal: A call to action 2024-11-08 at 08:00 By Help Net Security In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a

React to this headline:

Apple’s 45-day certificate proposal: A call to action Read More »

Am I Isolated: Open-source container security benchmark

containers, Don't miss, Edera, GitHub, Hot stuff, Kubernetes, News, open source, software / SecurityTicks

Am I Isolated: Open-source container security benchmark 2024-11-08 at 07:30 By Mirko Zorz Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’

React to this headline:

Am I Isolated: Open-source container security benchmark Read More »

Industrial companies in Europe targeted with GuLoader

Cado Security, Don't miss, Europe, Hot stuff, Malware, News, spear-phishing / SecurityTicks

Industrial companies in Europe targeted with GuLoader 2024-11-07 at 15:48 By Zeljka Zorz A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish.

React to this headline:

Industrial companies in Europe targeted with GuLoader Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

APT, backdoor, Cryptocurrency, Don't miss, financial industry, Hot stuff, macOS, Malware, News, North Korea, phishing, SentinelOne / SecurityTicks

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

access point, Cisco, CVE, Don't miss, energy sector, Hot stuff, manufacturing sector, maritime industry, News, vulnerability / SecurityTicks

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) 2024-11-07 at 11:33 By Zeljka Zorz Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this

React to this headline:

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) Read More »

How AI will shape the next generation of cyber threats

API security, Artificial Intelligence, attacks, Compliance, cybercriminals, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Prismatic, regulation, strategy / SecurityTicks

How AI will shape the next generation of cyber threats 2024-11-07 at 08:08 By Mirko Zorz In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses

React to this headline:

How AI will shape the next generation of cyber threats Read More »

AWS security essentials for managing compliance, data protection, and threat detection

AWS, cloud security, Don't miss, Hot stuff, monitoring, News, strategy, threat monitoring, tips / SecurityTicks

AWS security essentials for managing compliance, data protection, and threat detection 2024-11-07 at 07:03 By Help Net Security AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool

React to this headline:

AWS security essentials for managing compliance, data protection, and threat detection Read More »

Consumer privacy risks of data aggregation: What should organizations do?

cybersecurity, Data Protection, Don't miss, Expert analysis, Expert corner, Hot stuff, LOKKER, News, opinion, Privacy, regulation, risk / SecurityTicks

Consumer privacy risks of data aggregation: What should organizations do? 2024-11-07 at 06:48 By Help Net Security In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings

React to this headline:

Consumer privacy risks of data aggregation: What should organizations do? Read More »

All Google Cloud users will have to enable MFA by 2025

account protection, cloud security, Don't miss, Google Cloud, Hot stuff, MFA, News / SecurityTicks

All Google Cloud users will have to enable MFA by 2025 2024-11-06 at 17:07 By Zeljka Zorz Google has announced that, by the end of 2025, multi-factor authentication (MFA) – aka 2-step verification – will become mandatory for all Google Cloud accounts. “Given the sensitive nature of cloud deployments — and with phishing and stolen

React to this headline:

All Google Cloud users will have to enable MFA by 2025 Read More »

GoZone ransomware accuses and threatens victims

Don't miss, Elastio, Hot stuff, News, Ransomware, SonicWall, Windows / SecurityTicks

GoZone ransomware accuses and threatens victims 2024-11-06 at 13:06 By Zeljka Zorz A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source: SonicWall) The ransom

React to this headline:

GoZone ransomware accuses and threatens victims Read More »

The cybersecurity gender gap: How diverse teams improve threat response

cybersecurity, Don't miss, education, Features, Hot stuff, LinkedIn, News, opinion, skill development, training / SecurityTicks

The cybersecurity gender gap: How diverse teams improve threat response 2024-11-06 at 07:33 By Mirko Zorz In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams

React to this headline:

The cybersecurity gender gap: How diverse teams improve threat response Read More »

Osmedeus: Open-source workflow engine for offensive security

Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Osmedeus: Open-source workflow engine for offensive security 2024-11-06 at 07:03 By Help Net Security Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize your

React to this headline:

Osmedeus: Open-source workflow engine for offensive security Read More »

Key cybersecurity predictions for 2025

cyberattacks, cybersecurity, Don't miss, FIRST, Hot stuff, predictions, threats, Video / SecurityTicks

Key cybersecurity predictions for 2025 2024-11-06 at 06:33 By Help Net Security In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025. The post Key cybersecurity predictions for 2025 appeared first on Help

React to this headline:

Key cybersecurity predictions for 2025 Read More »

Beware of phishing emails delivering backdoored Linux VMs!

backdoor, Don't miss, Hot stuff, Linux, News, phishing, Securonix, virtualization / SecurityTicks

Beware of phishing emails delivering backdoored Linux VMs! 2024-11-05 at 16:05 By Zeljka Zorz Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to

React to this headline:

Beware of phishing emails delivering backdoored Linux VMs! Read More »

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Android, CVE, Don't miss, Hot stuff, News, Samsung, security update, smartphones, vulnerability / SecurityTicks

Google patches actively exploited Android vulnerability (CVE-2024-43093) 2024-11-05 at 13:34 By Zeljka Zorz Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a

React to this headline:

Google patches actively exploited Android vulnerability (CVE-2024-43093) Read More »

Open-source software: A first attempt at organization after CRA

cybersecurity, Don't miss, EU, Expert analysis, Expert corner, Hot stuff, News, open source, opinion, regulation, The Document Foundation / SecurityTicks

Open-source software: A first attempt at organization after CRA 2024-11-05 at 08:03 By Help Net Security The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized

React to this headline:

Open-source software: A first attempt at organization after CRA Read More »

Maximizing security visibility on a budget

Artificial Intelligence, Cloud, Compliance, cybersecurity, Don't miss, Features, Forescout, Hot stuff, IoT, IT assets, network, News, opinion, security controls, zero trust / SecurityTicks

Maximizing security visibility on a budget 2024-11-05 at 07:03 By Mirko Zorz In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also

React to this headline:

Maximizing security visibility on a budget Read More »