News - Security Ticks

How should SMBs navigate the phishing minefield?

CISO, cybercrime, Don't miss, Features, News, phishing, scams, SMBs, threats, tips, Wursta / SecurityTicks

How should SMBs navigate the phishing minefield? 13/09/2023 at 07:47 By Zeljka Zorz In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization’s operations and long-term success. What makes phishing attacks particularly challenging for small […]

React to this headline:

How should SMBs navigate the phishing minefield? Read More »

Serial cybersecurity founders get back in the game

CEO, cybersecurity, Don't miss, Expert analysis, Expert corner, Honeywell, Hot stuff, Microsoft, News, opinion, Palo Alto Networks, Valence Security, YL Ventures / SecurityTicks

Serial cybersecurity founders get back in the game 13/09/2023 at 07:32 By Help Net Security “I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a

React to this headline:

Serial cybersecurity founders get back in the game Read More »

Latest fraud schemes targeting the payments ecosystem

Cryptocurrency, cybercrime, cybercriminals, cybersecurity, fraud, News, Online, Ransomware, report, survey, Visa / SecurityTicks

Latest fraud schemes targeting the payments ecosystem 13/09/2023 at 06:33 By Help Net Security Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns, the

React to this headline:

Latest fraud schemes targeting the payments ecosystem Read More »

Privacy concerns cast a shadow on AI’s potential for software development

451 Research, Artificial Intelligence, cybersecurity, data, GitLab, News, report, software development, survey / SecurityTicks

Privacy concerns cast a shadow on AI’s potential for software development 13/09/2023 at 06:01 By Help Net Security Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to

React to this headline:

Privacy concerns cast a shadow on AI’s potential for software development Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro / SecurityTicks

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

React to this headline:

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

Requests via Facebook Messenger lead to hijacked business accounts

account hijacking, Don't miss, Facebook, Facebook Messenger, Guardio, Hot stuff, Malware, News, phishing / SecurityTicks

Requests via Facebook Messenger lead to hijacked business accounts 12/09/2023 at 13:32 By Zeljka Zorz Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijacked Facebook business accounts a great way to

React to this headline:

Requests via Facebook Messenger lead to hijacked business accounts Read More »

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability / SecurityTicks

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) 12/09/2023 at 12:47 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file

React to this headline:

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) Read More »

17 free AWS cybersecurity courses you can take right now

Amazon Web Services, AWS, cloud security, Don't miss, Hot stuff, how-to, News, skill development, strategy, tips / SecurityTicks

17 free AWS cybersecurity courses you can take right now 12/09/2023 at 08:02 By Help Net Security Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations.

React to this headline:

17 free AWS cybersecurity courses you can take right now Read More »

Companies need to rethink how they implement identity security

cybersecurity, data breach, MFA, News, Osterman Research, report, Silverfort, survey / SecurityTicks

Companies need to rethink how they implement identity security 12/09/2023 at 07:01 By Help Net Security More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months, according to Silverfort and Osterman Research. Lack of visibility into the identity attack

React to this headline:

Companies need to rethink how they implement identity security Read More »

CISOs need to be forceful to gain leverage in the boardroom

BSS, CISO, Cloud, cybersecurity, investment, News, report, survey / SecurityTicks

CISOs need to be forceful to gain leverage in the boardroom 12/09/2023 at 06:32 By Help Net Security Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management (35%), information security

React to this headline:

CISOs need to be forceful to gain leverage in the boardroom Read More »

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers

Don't miss, GitHub, hardware, News / SecurityTicks

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers 12/09/2023 at 06:02 By Help Net Security Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A

React to this headline:

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers Read More »

Microsoft Teams users targeted in phishing attack delivering DarkGate malware

Don't miss, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, phishing / SecurityTicks

Microsoft Teams users targeted in phishing attack delivering DarkGate malware 11/09/2023 at 13:31 By Helga Labus A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts

React to this headline:

Microsoft Teams users targeted in phishing attack delivering DarkGate malware Read More »

CISOs and board members work more closely than ever before

Artificial Intelligence, CISO, cybercrime, cybersecurity, Don't miss, News, Proofpoint, Ransomware, report, survey / SecurityTicks

CISOs and board members work more closely than ever before 11/09/2023 at 08:31 By Help Net Security 73% of board members believe they face the risk of a major cyber attack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint. Likewise, 53% feel unprepared to cope with a targeted

React to this headline:

CISOs and board members work more closely than ever before Read More »

The blueprint for a highly effective EASM solution

Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, misconfiguration, monitoring, News, opinion, remediation, SaaS, shadow IT, SIEM, Threat Intelligence, Uncovery, vulnerability / SecurityTicks

The blueprint for a highly effective EASM solution 11/09/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden

React to this headline:

The blueprint for a highly effective EASM solution Read More »

Email forwarding flaws enable attackers to impersonate high-profile domains

bug bounty, cybersecurity, Don't miss, Email, identity, Malware, News, report, spoofing, spyware, vulnerability / SecurityTicks

Email forwarding flaws enable attackers to impersonate high-profile domains 11/09/2023 at 07:02 By Help Net Security Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The

React to this headline:

Email forwarding flaws enable attackers to impersonate high-profile domains Read More »

Elevating API security to reinforce cyber defense

API security, cybersecurity, data breach, DDoS, News, Ponemon Institute, report, Traceable AI, zero trust / SecurityTicks

Elevating API security to reinforce cyber defense 11/09/2023 at 06:32 By Help Net Security While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security Within

React to this headline:

Elevating API security to reinforce cyber defense Read More »

Week in review: 6 free resources for getting started in cybersecurity, Patch Tuesday forecast

News, Week in review / SecurityTicks

Week in review: 6 free resources for getting started in cybersecurity, Patch Tuesday forecast 10/09/2023 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The misconceptions preventing wider adoption of digital signatures In this Help Net Security interview, Thorsten Hau, CEO at fidentity,

React to this headline:

Week in review: 6 free resources for getting started in cybersecurity, Patch Tuesday forecast Read More »

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

brute-force, Cisco, Don't miss, Hot stuff, News, Rapid7, vulnerability / SecurityTicks

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) 08/09/2023 at 14:02 By Zeljka Zorz A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support case,”

React to this headline:

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) Read More »

North Korean hackers target security researchers with zero-day exploit

0-day, Don't miss, Google, Hot stuff, News, North Korea, social engineering / SecurityTicks

North Korean hackers target security researchers with zero-day exploit 08/09/2023 at 12:32 By Helga Labus North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.

React to this headline:

North Korean hackers target security researchers with zero-day exploit Read More »

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

0-day, apple, Don't miss, exploit, Hot stuff, iOS, macOS, News, spyware / SecurityTicks

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit

React to this headline:

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »