News - Security Ticks

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy

Artificial Intelligence, collaboration, News, open source, software / SecurityTicks

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy 2025-02-25 at 15:18 By Help Net Security Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub […]

React to this headline:

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy Read More »

Avoiding vendor lock-in when using managed cloud security services

access control, Artificial Intelligence, CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Tamnoon / SecurityTicks

Avoiding vendor lock-in when using managed cloud security services 2025-02-25 at 08:05 By Mirko Zorz In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked

React to this headline:

Avoiding vendor lock-in when using managed cloud security services Read More »

The CISO’s dilemma of protecting the enterprise while driving innovation

CISO, Cloudera, cyber risk, cybersecurity, Don't miss, News, Risk Management, strategy, tips, Upwind / SecurityTicks

The CISO’s dilemma of protecting the enterprise while driving innovation 2025-02-25 at 07:34 By Help Net Security CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud to support remote teams, security teams must secure data without slowing down productivity.

React to this headline:

The CISO’s dilemma of protecting the enterprise while driving innovation Read More »

Cybersecurity jobs available right now: February 25, 2025

cybersecurity jobs, News / SecurityTicks

Cybersecurity jobs available right now: February 25, 2025 2025-02-25 at 07:00 By Anamarija Pogorelec Application Security Engineer Binance | UAE | Remote – View job details As a Application Security Engineer, you will enhance and maintain the security postures of Binance’s affiliates specializing in DeFi and Web3. Serve as the first responder for security issues

React to this headline:

Cybersecurity jobs available right now: February 25, 2025 Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

Don't miss, endpoint management, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC / SecurityTicks

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

Massive botnet hits Microsoft 365 accounts

attacks, cybersecurity, Microsoft, Microsoft 365, News, passwords, SecurityScorecard / SecurityTicks

Massive botnet hits Microsoft 365 accounts 2025-02-24 at 15:16 By Help Net Security A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud and UCLOUD

React to this headline:

Massive botnet hits Microsoft 365 accounts Read More »

Account takeover detection: There’s no single tell

account hijacking, account protection, Don't miss, enterprise, Hot stuff, MFA, News, Proofpoint / SecurityTicks

Account takeover detection: There’s no single tell 2025-02-24 at 14:48 By Zeljka Zorz Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at least one

React to this headline:

Account takeover detection: There’s no single tell Read More »

Man vs. machine: Striking the perfect balance in threat intelligence

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, opinion, Perspective Intelligence, Threat Intelligence / SecurityTicks

Man vs. machine: Striking the perfect balance in threat intelligence 2025-02-24 at 08:00 By Mirko Zorz In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts

React to this headline:

Man vs. machine: Striking the perfect balance in threat intelligence Read More »

Misconfig Mapper: Open-source tool to uncover security misconfigurations

Don't miss, GitHub, misconfiguration, News, open source, software / SecurityTicks

Misconfig Mapper: Open-source tool to uncover security misconfigurations 2025-02-24 at 07:33 By Mirko Zorz Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks

React to this headline:

Misconfig Mapper: Open-source tool to uncover security misconfigurations Read More »

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from

News, Week in review / SecurityTicks

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from 2025-02-23 at 12:41 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who

React to this headline:

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from Read More »

Security and privacy concerns challenge public sector’s efforts to modernize

access control, Artificial Intelligence, cybersecurity, data security, digital transformation, hybrid IT, News, report, SolarWinds / SecurityTicks

Security and privacy concerns challenge public sector’s efforts to modernize 2025-02-21 at 18:01 By Help Net Security For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds. Only 6% of respondents report

React to this headline:

Security and privacy concerns challenge public sector’s efforts to modernize Read More »

Mastering the cybersecurity tightrope of protection, detection, and response

cyber resilience, cybersecurity, data security, Don't miss, Encryption, Features, Hot stuff, Incident Response, monitoring, News, opinion, Sophos, strategy / SecurityTicks

Mastering the cybersecurity tightrope of protection, detection, and response 2025-02-21 at 08:05 By Mirko Zorz In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is

React to this headline:

Mastering the cybersecurity tightrope of protection, detection, and response Read More »

How to secure Notes on iOS and macOS

apple, cybersecurity, how-to, iOS, macOS, News, Privacy, tips / SecurityTicks

How to secure Notes on iOS and macOS 2025-02-21 at 07:34 By Help Net Security Apple allows you to lock your notes using your iPhone passcode or a separate password, ensuring your private information stays protected across all your Apple devices, including iOS and macOS. Whether you’re using your iPhone, iPad, or Mac, here’s how

React to this headline:

How to secure Notes on iOS and macOS Read More »

New infosec products of the week: February 21, 2025

1Password, Fortinet, News, Pangea, Privacera, Veeam Software / SecurityTicks

New infosec products of the week: February 21, 2025 2025-02-21 at 06:05 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response FortiAnalyzer offers a streamlined entry point

React to this headline:

New infosec products of the week: February 21, 2025 Read More »

Cybersecurity jobs available right now in the USA: February 20, 2025

cybersecurity jobs, News, USA / SecurityTicks

Cybersecurity jobs available right now in the USA: February 20, 2025 2025-02-20 at 18:06 By Anamarija Pogorelec Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create

React to this headline:

Cybersecurity jobs available right now in the USA: February 20, 2025 Read More »

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection / SecurityTicks

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Trustwave Becomes First Pure-Play MDR Provider to Achieve FedRAMP Authorization

Government, News, Spotlights / SecurityTicks

Trustwave Becomes First Pure-Play MDR Provider to Achieve FedRAMP Authorization 2025-02-20 at 16:02 By Trustwave has attained authorized status by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. This announcement follows Trustwave being named earlier this year as an official StateRAMP-authorized vendor. This article is an excerpt from Trustwave Blog View Original Source React

React to this headline:

Trustwave Becomes First Pure-Play MDR Provider to Achieve FedRAMP Authorization Read More »

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand

cybercrime, digital wallet, Don't miss, Hot stuff, Netcraft, News, payment cards, phishing, SecAlliance / SecurityTicks

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand 2025-02-20 at 13:35 By Zeljka Zorz A new, improved version of Darcula, a cat-themed phishing-as-a-service (PhaaS) platform aimed at serving Chinese-speaking criminals, will be released this month and will allow malicious users to create customized phishing kits to target a wider variety

React to this headline:

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand Read More »

Hackers pose as employers to steal crypto, login credentials

cyber espionage, cybercrime, Don't miss, ESET, News, North Korea, research, scams, threats / SecurityTicks

Hackers pose as employers to steal crypto, login credentials 2025-02-20 at 12:03 By Help Net Security Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded

React to this headline:

Hackers pose as employers to steal crypto, login credentials Read More »

Unknown and unsecured: The risks of poor asset visibility

Artificial Intelligence, automation, CybaVerse, cybersecurity, Don't miss, Endpoint Security, Features, Hot stuff, IT assets, News, opinion, strategy / SecurityTicks

Unknown and unsecured: The risks of poor asset visibility 2025-02-20 at 07:34 By Mirko Zorz In this Help Net Security interview, Juliette Hudson, CTO of CybaVerse, discusses why asset visibility remains a critical cybersecurity challenge. She explains how to maintain security without slowing down operations, shares ways to improve visibility in OT environments, and explains

React to this headline:

Unknown and unsecured: The risks of poor asset visibility Read More »