News - Security Ticks

Cybercriminals exploit file sharing services to advance phishing attacks

Abnormal Security, attacks, BEC scams, cybercrime, cybersecurity, News, phishing, report, survey / SecurityTicks

Cybercriminals exploit file sharing services to advance phishing attacks 2024-08-20 at 06:01 By Help Net Security Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of phishing threat in which […]

Cybercriminals exploit file sharing services to advance phishing attacks Read More »

Stolen, locked payment cards can be used with digital wallet apps

apple, Banks, digital wallet, Don't miss, financial industry, fraud, Google, Hot stuff, mobile payment, News, online payment, PayPal, research, vulnerability / SecurityTicks

Stolen, locked payment cards can be used with digital wallet apps 2024-08-19 at 21:32 By Zeljka Zorz Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University

Stolen, locked payment cards can be used with digital wallet apps Read More »

Mandatory MFA for Azure sign-ins is coming

account protection, Don't miss, Hot stuff, MFA, Microsoft Azure, News / SecurityTicks

Mandatory MFA for Azure sign-ins is coming 2024-08-19 at 12:31 By Zeljka Zorz Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. Preparing for mandatory MFA for Azure The plan is for the shift to happen in two phases: October 2024: MFA will

Mandatory MFA for Azure sign-ins is coming Read More »

To improve your cybersecurity posture, focus on the data

Comcast, cybersecurity, data analysis, data security, Don't miss, enterprise, Expert analysis, Expert corner, Hot stuff, News, opinion / SecurityTicks

To improve your cybersecurity posture, focus on the data 2024-08-19 at 07:31 By Help Net Security Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists,

To improve your cybersecurity posture, focus on the data Read More »

x64dbg: Open-source binary debugger for Windows

bug hunting, GitHub, malware analysis, News, open source, reverse engineering, software, Windows / SecurityTicks

x64dbg: Open-source binary debugger for Windows 2024-08-19 at 07:01 By Mirko Zorz x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to

x64dbg: Open-source binary debugger for Windows Read More »

Protecting academic assets: How higher education can enhance cybersecurity

CISO, cybersecurity, Don't miss, education, Hot stuff, News, strategy, tips, Video / SecurityTicks

Protecting academic assets: How higher education can enhance cybersecurity 2024-08-19 at 06:31 By Help Net Security Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally identifiable information).

Protecting academic assets: How higher education can enhance cybersecurity Read More »

Common API security issues: From exposed secrets to unauthorized access

Akamai, API security, Cloudflare, cybersecurity, Escape, F5 Networks, Fastly, News, Nightfall AI, report, survey / SecurityTicks

Common API security issues: From exposed secrets to unauthorized access 2024-08-19 at 06:01 By Help Net Security Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. The

Common API security issues: From exposed secrets to unauthorized access Read More »

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions

News, Week in review / SecurityTicks

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions 2024-08-18 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200)

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions Read More »

Tech support scammers impersonate Google via malicious search ads

Don't miss, Google, Hot stuff, malvertising, Malwarebytes, News, tech support scam / SecurityTicks

Tech support scammers impersonate Google via malicious search ads 2024-08-16 at 14:01 By Zeljka Zorz Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources used from start

Tech support scammers impersonate Google via malicious search ads Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Artificial Intelligence, conferences, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Microsoft, News, opinion, Privacy, SANS, Signal, software development, SonicWall, supply chain attacks / SecurityTicks

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Business and tech consolidation opens doors for cybercriminals

cybersecurity, Insurance, News, Ransomware, report, Resilience Insurance / SecurityTicks

Business and tech consolidation opens doors for cybercriminals 2024-08-16 at 07:36 By Help Net Security Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Rebounding merger and acquisition (M&A) activity

Business and tech consolidation opens doors for cybercriminals Read More »

Authentik: Open-source identity provider

authentication, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Authentik: Open-source identity provider 2024-08-16 at 07:01 By Mirko Zorz Authentik is an open-source identity provider designed for maximum flexibility and adaptability. It easily integrates into existing environments and supports new protocols. It’s a comprehensive solution for implementing features like sign-up, account recovery, and more in your application, eliminating the need to manage these tasks

Authentik: Open-source identity provider Read More »

How NoCode and LowCode free up resources for cybersecurity

News, Risk Management, strategy, tips, Video / SecurityTicks

How NoCode and LowCode free up resources for cybersecurity 2024-08-16 at 06:31 By Help Net Security In this Help Net Security video, Frederic Najman, Executive Member of the SFPN (French Union of NoCode Professionals), discusses how NoCode and LowCode technologies enable companies to free up development resources to tackle cybersecurity issues. In a context where

How NoCode and LowCode free up resources for cybersecurity Read More »

New infosec products of the week: August 16, 2024

ClearSale, Guardio, Ivanti, News, Resecurity, Stellar / SecurityTicks

New infosec products of the week: August 16, 2024 2024-08-16 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ClearSale, Guardio, Ivanti, Resecurity, and Stellar. Resecurity unveils new AI-driven Fraud Prevention Platform Resecurity unveiled its advanced AI-driven Fraud Prevention Platform. This versatile solution

New infosec products of the week: August 16, 2024 Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

AWS, cloud security, credentials, data theft, Don't miss, extortion, Hot stuff, misconfiguration, News, Palo Alto Networks / SecurityTicks

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

CVE, Don't miss, enterprise, Hot stuff, Java, MSP, News, SMBs, vulnerability / SecurityTicks

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

74% of IT professionals worry AI tools will replace them

Artificial Intelligence, cybersecurity, News, Pluralsight, report, survey, threat / SecurityTicks

74% of IT professionals worry AI tools will replace them 2024-08-15 at 07:31 By Help Net Security 56% of security professionals are concerned about AI-powered threats, according to Pluralsight. Many organizations lack structured AI training Over half of surveyed technologists are either extremely concerned or moderately concerned about AI-powered threats, with only 6% saying they

74% of IT professionals worry AI tools will replace them Read More »

The AI balancing act: Unlocking potential, dealing with security issues, complexity

1Password, Action1, Artificial Intelligence, Cisco, Cloud Security Alliance, Code42, cybersecurity, generative AI, Google Cloud, Netskope, News, report, survey, TeleSign, Trellix, VikingCloud / SecurityTicks

The AI balancing act: Unlocking potential, dealing with security issues, complexity 2024-08-15 at 06:31 By Help Net Security The rapid integration of AI and GenAI technologies creates a complex mix of challenges and opportunities for organizations. While the potential benefits are clear, many companies struggle with AI literacy, cautious adoption, and the risks of immature

The AI balancing act: Unlocking potential, dealing with security issues, complexity Read More »

DDoS attack volume rises, peak power reaches 1.7 Tbps

DDoS, Gcore, News, report, survey / SecurityTicks

DDoS attack volume rises, peak power reaches 1.7 Tbps 2024-08-15 at 06:01 By Help Net Security The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore. Peak attack power rose from 1.6 terabits per second (Tbps) in H2 2023 to 1.7

DDoS attack volume rises, peak power reaches 1.7 Tbps Read More »

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

Axio, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, law, lawsuit, News, opinion, risk, threats / SecurityTicks

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? 2024-08-14 at 08:01 By Help Net Security In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? Read More »