News - Security Ticks

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

0-day, Citrix, Don't miss, exploit, Hot stuff, Mandiant, News, security update / SecurityTicks

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability […]

React to this headline:

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

Jupyter Notebooks targeted by cryptojackers

AWS, Cado Security, Cloud, cryptojacking, Don't miss, Google Cloud, Hot stuff, Malware, News / SecurityTicks

Jupyter Notebooks targeted by cryptojackers 18/10/2023 at 14:36 By Helga Labus Cryptojackers are targeting exposed Jupyter Notebooks to install cryptominers and steal credential files for popular cloud services, researchers have uncovered. What are Jupyter Notebooks? “Jupyter is a service that allows you to host individual snippets of code and lets others execute this code in

React to this headline:

Jupyter Notebooks targeted by cryptojackers Read More »

The evolution of deception tactics from traditional to cyber warfare

Acalvio, Artificial Intelligence, automation, CISA, cyber resilience, cybersecurity, Cyberwarfare, data, deception, digital transformation, Don't miss, Features, framework, Government, Hot stuff, News, opinion, regulation, strategy, USA / SecurityTicks

The evolution of deception tactics from traditional to cyber warfare 18/10/2023 at 07:33 By Mirko Zorz Admiral James A. Winnefeld, USN (Ret.), is the former vice chairman of the Joint Chiefs of Staff and is an advisor to Acalvio Technologies. In this Help Net Security interview, he compares the strategies of traditional and cyber warfare,

React to this headline:

The evolution of deception tactics from traditional to cyber warfare Read More »

10 essential cybersecurity cheat sheets available for free

cloud security, cybersecurity, Don't miss, guide, Hot stuff, Incident Response, Linux, News, skill development, strategy, tips, Windows / SecurityTicks

10 essential cybersecurity cheat sheets available for free 18/10/2023 at 07:02 By Help Net Security Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download. Whether you’re seeking a quick refresher or a beginner trying to make sense of

React to this headline:

10 essential cybersecurity cheat sheets available for free Read More »

SMBs seek help as cyber threats reach an all-time high

cyber resilience, cybersecurity, data, hybrid workforce, News, Ransomware, report, Sage, SMBs, strategy, survey / SecurityTicks

SMBs seek help as cyber threats reach an all-time high 18/10/2023 at 06:32 By Help Net Security Understanding the evolving threat landscape is the biggest cybersecurity challenge facing SMBs, including non-for-profit organizations – and more than half are calling for help to manage the risks, according to Sage. Globally, 48% of SMBs have experienced a

React to this headline:

SMBs seek help as cyber threats reach an all-time high Read More »

Generative AI merges with intelligent malware, threat level rises

AU10TIX, cybercrime, cybersecurity, fraud, generative AI, identity verification, Malware, News, report, survey / SecurityTicks

Generative AI merges with intelligent malware, threat level rises 18/10/2023 at 06:00 By Help Net Security There has been a 44% increase in organized ID fraud in North America compared to preceding quarters, according to AU10TIX. This upsurge is believed to be driven by the ongoing economic recovery and inflationary pressures, particularly in the US

React to this headline:

Generative AI merges with intelligent malware, threat level rises Read More »

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities

DerSecur, Don't miss, News, Whitepapers and webinars / SecurityTicks

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities 18/10/2023 at 05:47 By Help Net Security In the pursuit of optimized performance, modern compilers employ sophisticated techniques, translating high-level source code into efficient, executable programs. However, this advanced translation sometimes inadvertently weaves vulnerabilities into the fabric of the end product. Unbeknownst to many, these obscure

React to this headline:

Secure source code but vulnerable app: Tackle compiler-born vulnerabilities Read More »

Valve introduces SMS-based confirmation to prevent malicious games on Steam

authentication, Don't miss, ESET, Hot stuff, MFA, News, security update, software development, Steam / SecurityTicks

Valve introduces SMS-based confirmation to prevent malicious games on Steam 17/10/2023 at 16:32 By Helga Labus Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out notices last month to

React to this headline:

Valve introduces SMS-based confirmation to prevent malicious games on Steam Read More »

Researchers warn of increased malware delivery via fake browser updates

consumer, Don't miss, enterprise, Hot stuff, Malware, News, Proofpoint, Sekoia.io, WordPress / SecurityTicks

Researchers warn of increased malware delivery via fake browser updates 17/10/2023 at 13:32 By Zeljka Zorz ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded. About ClearFake ClearFake

React to this headline:

Researchers warn of increased malware delivery via fake browser updates Read More »

How to go from collecting risk data to actually reducing risk?

cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, remediation, Risk Management, Seemplicity, strategy, tips / SecurityTicks

How to go from collecting risk data to actually reducing risk? 17/10/2023 at 08:17 By Help Net Security Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks

React to this headline:

How to go from collecting risk data to actually reducing risk? Read More »

The collaborative power of CISOs, CTOs and CIOs for a secure future

CIO, CISO, Cloud, collaboration, Compliance, cybersecurity, Don't miss, Features, generative AI, Google, Google Cloud, Hot stuff, investment, News, opinion, Risk Management, strategy / SecurityTicks

The collaborative power of CISOs, CTOs and CIOs for a secure future 17/10/2023 at 07:03 By Mirko Zorz In this Help Net Security interview, Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite — particularly the CIO, CTO, and CISO to stay current with

React to this headline:

The collaborative power of CISOs, CTOs and CIOs for a secure future Read More »

One in five CISOs miss out on pay raise

Artico Search, CISO, cybersecurity, IANS, News, report, security spending, survey / SecurityTicks

One in five CISOs miss out on pay raise 17/10/2023 at 07:03 By Help Net Security The CISO role was partially shielded from the macroeconomic challenges of 2023, according to a new research from IANS and Artico Search. 20% of CISOs did not receive a raise The most recent average CISO total compensation increase was

React to this headline:

One in five CISOs miss out on pay raise Read More »

Cyberattacks on healthcare organizations affect patient care

BEC scams, cyberattack, cybercrime, cybersecurity, healthcare, News, Ponemon Institute, Proofpoint, Ransomware, report, supply chain attacks, survey / SecurityTicks

Cyberattacks on healthcare organizations affect patient care 17/10/2023 at 06:32 By Help Net Security 88% of organizations experienced an average of 40 attacks in the past 12 months, according to a survey conducted by the Proofpoint and Ponemon Institute. Supply chain attacks: Leading patient care risk The average total cost of a cyberattack experienced by

React to this headline:

Cyberattacks on healthcare organizations affect patient care Read More »

Anticipating the benefits of a passwordless tomorrow

authentication, cybersecurity, FIDO Alliance, LastPass, MFA, News, password manager, passwordless, passwords, report, shadow IT, survey / SecurityTicks

Anticipating the benefits of a passwordless tomorrow 17/10/2023 at 06:02 By Help Net Security Businesses are actively moving to eradicate passwords from employees’ lives, with 89% of IT leaders expecting passwords to represent less than a quarter of their organization’s logins within five years or less, according to a FIDO Alliance and LastPass report. Moving

React to this headline:

Anticipating the benefits of a passwordless tomorrow Read More »

Essential cyber hygiene: Making cyber defense cost effective

Center for Internet Security, Don't miss, News / SecurityTicks

Essential cyber hygiene: Making cyber defense cost effective 17/10/2023 at 05:32 By Help Net Security Strengthening your cyber defenses can be a daunting task. Where do you start? Which tools do you use? How much will it cost? And, what do you risk losing if you do nothing? It’s not always easy to answer these

React to this headline:

Essential cyber hygiene: Making cyber defense cost effective Read More »

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT

cybersecurity, GitHub, Government, ICS/SCADA, News, NSA / SecurityTicks

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT 17/10/2023 at 05:02 By Help Net Security Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA

React to this headline:

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT Read More »

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

0-day, attack, Cisco, Don't miss, Hot stuff, News / SecurityTicks

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198) 16/10/2023 at 22:33 By Zeljka Zorz A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About CVE-2023-20198

React to this headline:

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198) Read More »

Compromised Skype accounts deliver DarkGate malware to employees

account hijacking, Don't miss, enterprise, Hot stuff, Malware, Microsoft Teams, News, Skype, Trend Micro / SecurityTicks

Compromised Skype accounts deliver DarkGate malware to employees 16/10/2023 at 16:46 By Helga Labus A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the

React to this headline:

Compromised Skype accounts deliver DarkGate malware to employees Read More »

Microsoft announces AI bug bounty program

Artificial Intelligence, Bing, bug bounty, Don't miss, Hot stuff, Microsoft, News / SecurityTicks

Microsoft announces AI bug bounty program 16/10/2023 at 15:18 By Zeljka Zorz Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”. “The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including

React to this headline:

Microsoft announces AI bug bounty program Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure / SecurityTicks

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »