News - Security Ticks

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules

Application Security, automation, Bright, CISO, cybersecurity, DevOps, Don't miss, Features, Hot stuff, News, opinion, serverless, strategy, tips / SecurityTicks

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules 2025-05-07 at 08:32 By Mirko Zorz Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares […]

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules Read More »

Autorize: Burp Suite extension for automatic authorization enforcement detection

Don't miss, GitHub, News, open source, penetration testing, software / SecurityTicks

Autorize: Burp Suite extension for automatic authorization enforcement detection 2025-05-07 at 08:02 By Help Net Security Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s

Autorize: Burp Suite extension for automatic authorization enforcement detection Read More »

1 in 3 workers keep AI use a secret

generative AI, Ivanti, News, survey / SecurityTicks

1 in 3 workers keep AI use a secret 2025-05-07 at 07:33 By Help Net Security Employees are feeling heightened concerns around the use of technology to enhance productivity, as well as job dissatisfaction and a lack of motivation at work. In fact, 30% of employees who use GenAI tools at work worry their job

1 in 3 workers keep AI use a secret Read More »

Personal data of top executives easily found online

data security, Incogni, News, Privacy, report, survey / SecurityTicks

Personal data of top executives easily found online 2025-05-07 at 07:01 By Help Net Security The personal information of 75% of corporate directors can be found on people search sites, according to Incogni. People search sites claim to reveal a variety of personal details, including public records, phone numbers, and even property values. Home addresses

Personal data of top executives easily found online Read More »

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

Censys, Don't miss, exploit, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability / SecurityTicks

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) 2025-05-06 at 16:19 By Zeljka Zorz A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) Read More »

Webinar: Securely migrating to the cloud

Center for Internet Security, News, Whitepapers and webinars / SecurityTicks

Webinar: Securely migrating to the cloud 2025-05-06 at 16:04 By Help Net Security Whether your organization is already in the cloud or just starting to plan your migration, security is a top priority. This webinar will help you to better understand your options for cloud migration as well as learn how to prioritize cloud security

Webinar: Securely migrating to the cloud Read More »

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)

Arctic Wolf Networks, botnet, Don't miss, Hot stuff, News, PoC, Samsung, SANS ISC, vulnerability / SecurityTicks

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) 2025-05-06 at 13:03 By Zeljka Zorz An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers:

Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) Read More »

What a future without CVEs means for cyber defense

CVE, cybersecurity, Don't miss, Expert analysis, Expert corner, Hack The Box, Hot stuff, News, opinion, vulnerability management / SecurityTicks

What a future without CVEs means for cyber defense 2025-05-06 at 11:31 By Help Net Security The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By providing a standardized method

What a future without CVEs means for cyber defense Read More »

What it really takes to build a resilient cyber program

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, Nightwing, opinion, regulation, strategy, tips, vulnerability management / SecurityTicks

What it really takes to build a resilient cyber program 2025-05-06 at 08:32 By Mirko Zorz In this Help Net Security interview, Dylan Owen, CISO at Nightwing, talks about what it really takes to build an effective defense: choosing the right frameworks, setting up processes, and getting everyone on the same page. Drawing on both

What it really takes to build a resilient cyber program Read More »

How cybercriminals exploit psychological triggers in social engineering attacks

Avast, cybercrime, cybersecurity, Don't miss, Fortra, News, Proofpoint, Reality Defender, Secure Yeti, social engineering, tips, Zscaler / SecurityTicks

How cybercriminals exploit psychological triggers in social engineering attacks 2025-05-06 at 08:03 By Sinisa Markovic Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological

How cybercriminals exploit psychological triggers in social engineering attacks Read More »

Key tips to stay safe from deepfake and AI threats

deepfakes, Don't miss, News, Polyguard, scams, strategy, threats, tips, Video / SecurityTicks

Key tips to stay safe from deepfake and AI threats 2025-05-06 at 07:31 By Help Net Security In this Help Net Security video, Joshua McKenty, CEO of Polyguard, talks about how to protect yourself from deepfake and AI threats, which are getting harder to spot and easier to launch. Attackers can clone your voice or

Key tips to stay safe from deepfake and AI threats Read More »

Cybersecurity jobs available right now: May 6, 2025

cybersecurity jobs, News / SecurityTicks

Cybersecurity jobs available right now: May 6, 2025 2025-05-06 at 07:01 By Anamarija Pogorelec Application Security Specialist Signify | Netherlands | On-site – View job details As an Application Security Specialist, you will define and deploy the application security strategy for security improvements to be in pair with the industry and its benchmarks. Coordinate and

Cybersecurity jobs available right now: May 6, 2025 Read More »

UK retailers under cyber attack: Co-op member data compromised

CISA, Don't miss, Hot stuff, NCSC, News, Ransomware, Retail, social engineering, UK / SecurityTicks

UK retailers under cyber attack: Co-op member data compromised 2025-05-05 at 15:17 By Zeljka Zorz UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same group is difficult to say for sure: the victimized businesses are sharing

UK retailers under cyber attack: Co-op member data compromised Read More »

How CISOs can talk cybersecurity so it makes sense to executives

boardroom, CISO, CXO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Optiv Security, security controls, security ROI, Splunk, strategy, Team8, tips / SecurityTicks

How CISOs can talk cybersecurity so it makes sense to executives 2025-05-05 at 09:02 By Mirko Zorz CISOs know cyber risk is business risk. Boards don’t always see it that way. For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing

How CISOs can talk cybersecurity so it makes sense to executives Read More »

How OSINT supports financial crime investigations

Blackdot Solutions, crime, cybersecurity, data, Don't miss, Features, financial industry, Hot stuff, News, opinion, OSINT, regulation / SecurityTicks

How OSINT supports financial crime investigations 2025-05-05 at 08:31 By Mirko Zorz In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He outlines its application in areas such as fraud, sanctions evasion, and money laundering, and addresses the legal, ethical,

How OSINT supports financial crime investigations Read More »

Review: Effective Vulnerability Management

Aquia, books, Don't miss, News, Reviews, skill development, strategy, tips, vulnerability management / SecurityTicks

Review: Effective Vulnerability Management 2025-05-05 at 08:03 By Mirko Zorz Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the authors Chris Hughes is the President of Aquia, a cybersecurity leader with 20 years of public and private sector experience,

Review: Effective Vulnerability Management Read More »

Vuls: Open-source agentless vulnerability scanner

Don't miss, GitHub, News, open source, scanning, software / SecurityTicks

Vuls: Open-source agentless vulnerability scanner 2025-05-05 at 07:33 By Help Net Security Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. Many administrators choose not to use automatic software updates because they want to avoid

Vuls: Open-source agentless vulnerability scanner Read More »

Ransomware spike exposes cracks in cloud security

cybersecurity, data security, News, Ransomware, report, Rubrik, survey / SecurityTicks

Ransomware spike exposes cracks in cloud security 2025-05-05 at 07:01 By Help Net Security 90% of IT and security leaders said their organization experienced a cyberattack within the last year, according to a report by Rubrik. “Many organizations that move to the cloud assume their providers will handle security,” said Joe Hladik, Head of Rubrik

Ransomware spike exposes cracks in cloud security Read More »

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference

News, Week in review / SecurityTicks

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference 2025-05-04 at 10:47 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSAC 2025 Conference RSAC 2025 Conference took place at the Moscone Center in San Francisco. Check out our microsite for related news,

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference Read More »

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

CISA, Don't miss, exploit, Hot stuff, News, PoC, SMBs, SonicWall, vulnerability, WatchTowr / SecurityTicks

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) 2025-05-02 at 16:18 By Zeljka Zorz Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog,

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) Read More »