Hot stuff

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

2024-03-04 at 18:07 By Zeljka Zorz

JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere […]

GitHub push protection now on by default for public repositories

2024-03-04 at 16:15 By Zeljka Zorz

GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret

Phishers target FCC, crypto holders via fake Okta SSO pages

2024-03-04 at 14:46 By Helga Labus

A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be

Securing software repositories leads to better OSS security

2024-03-04 at 14:03 By Zeljka Zorz

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

PyRIT: Open-source framework to find risks in generative AI systems

2024-03-04 at 08:02 By Mirko Zorz

Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection

Integrating software supply chain security in DevSecOps CI/CD pipelines

2024-03-04 at 07:01 By Help Net Security

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to

New compensation trends in the cybersecurity sector

2024-03-04 at 06:31 By Help Net Security

For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple security

JCDC’s strategic shift: Prioritizing cyber hardening

2024-03-01 at 08:01 By Mirko Zorz

In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies

Key areas that will define the intersection of AI and DevOps

2024-03-01 at 07:33 By Help Net Security

Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations’

Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site

2024-02-29 at 16:19 By Helga Labus

Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money. The Airbnb scam Malwarebytes researchers came across the Airbnb scam when trying to book an

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack

2024-02-29 at 14:46 By Helga Labus

The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back Last December, US

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels

2024-02-29 at 12:35 By Zeljka Zorz

OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform. The new version comes with new tools, a fresh look (themes, wallpapers and icons for Kali and Kali Purple),

BobTheSmuggler: Open-source tool for undetectable payload delivery

2024-02-29 at 08:03 By Mirko Zorz

BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding

How organizations can navigate identity security risks in 2024

2024-02-29 at 07:34 By Mirko Zorz

Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks

Inside the book: Androids – The Team That Built the Android Operating System

2024-02-29 at 07:03 By Help Net Security

In 2004, Android was two people who wanted to build camera software but couldn’t get investors interested. Android is a large team at Google today, delivering an OS to over 3 billion devices worldwide. In

The CISO’s guide to reducing the SaaS attack surface

2024-02-29 at 06:02 By Help Net Security

SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs. Download this guide to learn how to implement a strategic approach to reducing your SaaS attack surface without slowing down the business. Inside the guide, you’ll find: Tools

European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack

2024-02-28 at 16:34 By Zeljka Zorz

Pepco Group has confirmed that its Hungarian business has been hit by a “sophisticated fraudulent phishing attack.” The European company, which operates shops under the Pepco, Poundland and Dealz brands, said that the company lost approximately €15.5 million

State-sponsored hackers know enterprise VPN appliances inside out

2024-02-28 at 14:19 By Zeljka Zorz

Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

Preparing for the NIS2 Directive

2024-02-28 at 08:01 By Help Net Security

The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more organizations into scope. Companies –

AI-driven DevOps: Revolutionizing software engineering practices

2024-02-28 at 07:04 By Mirko Zorz

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. Despite the benefits, challenges in incorporating
