News - Security Ticks

Attackers hit software firm Retool to get to crypto companies and assets

Cryptocurrency, cybercrime, Don't miss, Hot stuff, MFA, News, Okta, Retool, social engineering, spear-phishing, supply chain compromise / SecurityTicks

Attackers hit software firm Retool to get to crypto companies and assets 14/09/2023 at 18:17 By Zeljka Zorz Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to […]

React to this headline:

Attackers hit software firm Retool to get to crypto companies and assets Read More »

Attackers use fallback ransomware if LockBit gets blocked

Don't miss, enterprise, Hot stuff, News, Ransomware, Symantec / SecurityTicks

Attackers use fallback ransomware if LockBit gets blocked 14/09/2023 at 13:15 By Zeljka Zorz Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec’s threat researchers, some affiliates are using the 3AM ransomware as a fallback option in case LockBit gets flagged and blocked.

React to this headline:

Attackers use fallback ransomware if LockBit gets blocked Read More »

Access control in cloud-native applications in multi-location environments (NIST SP 800-207)

Cloud, cloud computing, cloud security, News, NIST, strategy, tips, zero trust / SecurityTicks

Access control in cloud-native applications in multi-location environments (NIST SP 800-207) 14/09/2023 at 11:47 By Help Net Security NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.” Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and

React to this headline:

Access control in cloud-native applications in multi-location environments (NIST SP 800-207) Read More »

Great security training is a real challenge

CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, PagerDuty, passwords, physical security, security awareness, social engineering, training / SecurityTicks

Great security training is a real challenge 14/09/2023 at 07:31 By Help Net Security All employees need security training, yet it’s generally a resented afterthought. A variety of studies over years show that human error is generally felt to be the largest vulnerability in organizations. For technology companies like SaaS providers, who also need to

React to this headline:

Great security training is a real challenge Read More »

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise

Android, computer forensics, Don't miss, iOS, mobile devices, News, smartphones / SecurityTicks

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise 14/09/2023 at 06:32 By Help Net Security Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. MVT supports using public indicators

React to this headline:

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise Read More »

Rising OT/ICS cybersecurity incidents reveal alarming trend

critical infrastructure, cybercrime, cybersecurity, firewall, network, News, phishing, regulation, report, Rockwell Automation, standards, strategy, supply chain attacks, survey / SecurityTicks

Rising OT/ICS cybersecurity incidents reveal alarming trend 14/09/2023 at 06:01 By Help Net Security 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are

React to this headline:

Rising OT/ICS cybersecurity incidents reveal alarming trend Read More »

Download: Ultimate guide to Certified in Cybersecurity

ISC2, News, Whitepapers and webinars / SecurityTicks

Download: Ultimate guide to Certified in Cybersecurity 14/09/2023 at 05:46 By Help Net Security The ultimate guide covers everything you need to know about the entry-level Certified in Cybersecurity certification and how to get started with FREE training and exam through ISC2’s 1MCC program! No experience is required, just a passion for cybersecurity. It’s all

React to this headline:

Download: Ultimate guide to Certified in Cybersecurity Read More »

MetaStealer malware is targeting enterprise macOS users

apple, Don't miss, enterprise, Hot stuff, macOS, Malware, News / SecurityTicks

MetaStealer malware is targeting enterprise macOS users 13/09/2023 at 14:32 By Helga Labus Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS presentation).dmg and

React to this headline:

MetaStealer malware is targeting enterprise macOS users Read More »

Microsoft Teams phishing: Enterprises targeted by ransomware access broker

Don't miss, Hot stuff, initial access broker, Microsoft, Microsoft Teams, News, phishing, Ransomware / SecurityTicks

Microsoft Teams phishing: Enterprises targeted by ransomware access broker 13/09/2023 at 12:16 By Zeljka Zorz A threat actor known for providing ransomware gangs with initial access to enterprise systems has began phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” Microsoft threat researchers noted. About

React to this headline:

Microsoft Teams phishing: Enterprises targeted by ransomware access broker Read More »

How should SMBs navigate the phishing minefield?

CISO, cybercrime, Don't miss, Features, News, phishing, scams, SMBs, threats, tips, Wursta / SecurityTicks

How should SMBs navigate the phishing minefield? 13/09/2023 at 07:47 By Zeljka Zorz In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization’s operations and long-term success. What makes phishing attacks particularly challenging for small

React to this headline:

How should SMBs navigate the phishing minefield? Read More »

Serial cybersecurity founders get back in the game

CEO, cybersecurity, Don't miss, Expert analysis, Expert corner, Honeywell, Hot stuff, Microsoft, News, opinion, Palo Alto Networks, Valence Security, YL Ventures / SecurityTicks

Serial cybersecurity founders get back in the game 13/09/2023 at 07:32 By Help Net Security “I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a

React to this headline:

Serial cybersecurity founders get back in the game Read More »

Latest fraud schemes targeting the payments ecosystem

Cryptocurrency, cybercrime, cybercriminals, cybersecurity, fraud, News, Online, Ransomware, report, survey, Visa / SecurityTicks

Latest fraud schemes targeting the payments ecosystem 13/09/2023 at 06:33 By Help Net Security Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns, the

React to this headline:

Latest fraud schemes targeting the payments ecosystem Read More »

Privacy concerns cast a shadow on AI’s potential for software development

451 Research, Artificial Intelligence, cybersecurity, data, GitLab, News, report, software development, survey / SecurityTicks

Privacy concerns cast a shadow on AI’s potential for software development 13/09/2023 at 06:01 By Help Net Security Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to

React to this headline:

Privacy concerns cast a shadow on AI’s potential for software development Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro / SecurityTicks

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

React to this headline:

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

Requests via Facebook Messenger lead to hijacked business accounts

account hijacking, Don't miss, Facebook, Facebook Messenger, Guardio, Hot stuff, Malware, News, phishing / SecurityTicks

Requests via Facebook Messenger lead to hijacked business accounts 12/09/2023 at 13:32 By Zeljka Zorz Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijacked Facebook business accounts a great way to

React to this headline:

Requests via Facebook Messenger lead to hijacked business accounts Read More »

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability / SecurityTicks

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) 12/09/2023 at 12:47 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file

React to this headline:

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) Read More »

17 free AWS cybersecurity courses you can take right now

Amazon Web Services, AWS, cloud security, Don't miss, Hot stuff, how-to, News, skill development, strategy, tips / SecurityTicks

17 free AWS cybersecurity courses you can take right now 12/09/2023 at 08:02 By Help Net Security Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations.

React to this headline:

17 free AWS cybersecurity courses you can take right now Read More »

Companies need to rethink how they implement identity security

cybersecurity, data breach, MFA, News, Osterman Research, report, Silverfort, survey / SecurityTicks

Companies need to rethink how they implement identity security 12/09/2023 at 07:01 By Help Net Security More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months, according to Silverfort and Osterman Research. Lack of visibility into the identity attack

React to this headline:

Companies need to rethink how they implement identity security Read More »

CISOs need to be forceful to gain leverage in the boardroom

BSS, CISO, Cloud, cybersecurity, investment, News, report, survey / SecurityTicks

CISOs need to be forceful to gain leverage in the boardroom 12/09/2023 at 06:32 By Help Net Security Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management (35%), information security

React to this headline:

CISOs need to be forceful to gain leverage in the boardroom Read More »

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers

Don't miss, GitHub, hardware, News / SecurityTicks

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers 12/09/2023 at 06:02 By Help Net Security Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A

React to this headline:

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers Read More »