News - Security Ticks

Fortinet releases patches for undisclosed critical FortiManager vulnerability

Don't miss, enterprise, Fortinet, Hot stuff, News, patch, security update / SecurityTicks

Fortinet releases patches for undisclosed critical FortiManager vulnerability 2024-10-21 at 16:48 By Zeljka Zorz In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out […]

Fortinet releases patches for undisclosed critical FortiManager vulnerability Read More »

The Internet Archive breach continues

credentials, data breach, Don't miss, Hot stuff, Internet Archive, News / SecurityTicks

The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT

The Internet Archive breach continues Read More »

Building secure AI with MLSecOps

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, machine learning, News, opinion, Protect AI / SecurityTicks

Building secure AI with MLSecOps 2024-10-21 at 07:31 By Mirko Zorz In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that are both safe and

Building secure AI with MLSecOps Read More »

Aranya: Open-source toolkit to accelerate secure by design concepts

Don't miss, GitHub, News, open source, software, SpiderOak / SecurityTicks

Aranya: Open-source toolkit to accelerate secure by design concepts 2024-10-21 at 06:31 By Help Net Security SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a

Aranya: Open-source toolkit to accelerate secure by design concepts Read More »

Should the CISOs role be split into two functions?

CISO, cybersecurity, News, regulation, report, survey, Trellix / SecurityTicks

Should the CISOs role be split into two functions? 2024-10-21 at 06:01 By Help Net Security 84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. Regulatory demands pose a growing challenge for CISOs The research reveals

Should the CISOs role be split into two functions? Read More »

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

News, Week in review / SecurityTicks

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion 2024-10-20 at 11:10 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week, CISA added

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion Read More »

Microsoft lost some customers’ cloud security logs

cloud security, Don't miss, enterprise, Hot stuff, logging, Microsoft, Microsoft Azure, News / SecurityTicks

Microsoft lost some customers’ cloud security logs 2024-10-18 at 16:46 By Zeljka Zorz Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the failure was

Microsoft lost some customers’ cloud security logs Read More »

Israeli orgs targeted with wiper malware via ESET-branded emails

ESET, Hot stuff, Israel, Malware, News, phishing / SecurityTicks

Israeli orgs targeted with wiper malware via ESET-branded emails 2024-10-18 at 13:32 By Zeljka Zorz Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense

Israeli orgs targeted with wiper malware via ESET-branded emails Read More »

Arrested: USDoD, Anonymous Sudan, SEC X account hacker

account hijacking, arrest, cybercriminals, data breach, DDoS, Hot stuff, News, USA / SecurityTicks

Arrested: USDoD, Anonymous Sudan, SEC X account hacker 2024-10-18 at 12:22 By Zeljka Zorz Law enforcement agencies have arrested suspects involved in cyber attacks claimed by USDoD and Anonymous Sudan, as well as a person involved in the hacking of SEC’s X (Twitter) account. USDoD On Wednesday, the Brazilian federal police (Policia Federal) arrested a

Arrested: USDoD, Anonymous Sudan, SEC X account hacker Read More »

Despite massive security spending, 44% of CISOs fail to detect breaches

CISO, cybersecurity, Gigamon, News, report, survey / SecurityTicks

Despite massive security spending, 44% of CISOs fail to detect breaches 2024-10-18 at 07:31 By Help Net Security Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.

Despite massive security spending, 44% of CISOs fail to detect breaches Read More »

What to do if your iPhone or Android smartphone gets stolen?

Android, cybercrime, cybersecurity, iPhone, mobile security, News, theft, tips / SecurityTicks

What to do if your iPhone or Android smartphone gets stolen? 2024-10-18 at 07:01 By Help Net Security A lost, stolen, or compromised smartphone today means we are in serious trouble. Most people have everything related to their personal and professional lives stored on their phones, a fact that criminals are well aware of. Cybersecurity

What to do if your iPhone or Android smartphone gets stolen? Read More »

New infosec products of the week: October 18, 2024

ExtraHop, GitGuardian, Nametag, News, Okta, Rubrik, Sectigo / SecurityTicks

New infosec products of the week: October 18, 2024 2024-10-18 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio Code extension helps developers protect their sensitive information GitGuardian’s new Visual Studio Code extension

New infosec products of the week: October 18, 2024 Read More »

Fake Google Meet pages deliver infostealers

Don't miss, Hot stuff, macOS, Malware, News, Proofpoint, Sekoia.io, social engineering, video conferencing, Windows / SecurityTicks

Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading

Fake Google Meet pages deliver infostealers Read More »

The role of compromised cyber-physical devices in modern cyberattacks

Don't miss, Features, Hot stuff, ICS/SCADA, IIoT, IoT, News, OT, router, security cameras, smart building, smart grid, smart home, supply chain compromise, Trend Micro / SecurityTicks

The role of compromised cyber-physical devices in modern cyberattacks 2024-10-17 at 11:46 By Zeljka Zorz Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the

The role of compromised cyber-physical devices in modern cyberattacks Read More »

MongoDB Queryable Encryption now supports range queries on encrypted data

MongoDB, News / SecurityTicks

MongoDB Queryable Encryption now supports range queries on encrypted data 2024-10-17 at 10:01 By Mirko Zorz MongoDB Queryable Encryption allows customers to securely encrypt sensitive application data and store it in an encrypted format within the MongoDB database. It also enables direct equality and range queries on the encrypted data without the need for cryptographic

MongoDB Queryable Encryption now supports range queries on encrypted data Read More »

GhostStrike: Open-source tool for ethical hacking

Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop

GhostStrike: Open-source tool for ethical hacking Read More »

How NIS2 will impact sectors from healthcare to energy

CISO, Compliance, cybersecurity, Don't miss, EU, Features, framework, Hot stuff, News, opinion, Risk Management, security standard, Splunk, strategy / SecurityTicks

How NIS2 will impact sectors from healthcare to energy 2024-10-17 at 07:02 By Mirko Zorz In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect

How NIS2 will impact sectors from healthcare to energy Read More »

Why companies are struggling to keep up with SaaS data protection

cybersecurity, data security, Keepit, News, report, SaaS, survey / SecurityTicks

Why companies are struggling to keep up with SaaS data protection 2024-10-17 at 06:01 By Help Net Security While businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data, according to Keepit. Growing concerns over SaaS data protection According to the survey, while 28% of respondents

Why companies are struggling to keep up with SaaS data protection Read More »

Defenders must adapt to shrinking exploitation timelines

0-day, Don't miss, exploit, Hot stuff, Mandiant, News, patching, report, vulnerability management / SecurityTicks

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

Defenders must adapt to shrinking exploitation timelines Read More »

Android 15 unveils new security features to protect sensitive data

Android, data theft, Don't miss, Google, hardware, mobile devices, News, Privacy, smartphones / SecurityTicks

Android 15 unveils new security features to protect sensitive data 2024-10-16 at 13:20 By Help Net Security Android 15 brings enhanced security features to protect your sensitive health, financial, and personal data from theft and fraud. It also introduces productivity improvements for large-screen devices and updates to apps like the camera, messaging, and passkeys. Android

Android 15 unveils new security features to protect sensitive data Read More »