News

Aranya: Open-source toolkit to accelerate secure by design concepts

Aranya: Open-source toolkit to accelerate secure by design concepts 2024-10-21 at 06:31 By Help Net Security SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a […]

React to this headline:

Loading spinner

Aranya: Open-source toolkit to accelerate secure by design concepts Read More »

Should the CISOs role be split into two functions?

Should the CISOs role be split into two functions? 2024-10-21 at 06:01 By Help Net Security 84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. Regulatory demands pose a growing challenge for CISOs The research reveals

React to this headline:

Loading spinner

Should the CISOs role be split into two functions? Read More »

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion 2024-10-20 at 11:10 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week, CISA added

React to this headline:

Loading spinner

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion Read More »

Microsoft lost some customers’ cloud security logs

Microsoft lost some customers’ cloud security logs 2024-10-18 at 16:46 By Zeljka Zorz Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the failure was

React to this headline:

Loading spinner

Microsoft lost some customers’ cloud security logs Read More »

Israeli orgs targeted with wiper malware via ESET-branded emails

Israeli orgs targeted with wiper malware via ESET-branded emails 2024-10-18 at 13:32 By Zeljka Zorz Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense

React to this headline:

Loading spinner

Israeli orgs targeted with wiper malware via ESET-branded emails Read More »

Despite massive security spending, 44% of CISOs fail to detect breaches

Despite massive security spending, 44% of CISOs fail to detect breaches 2024-10-18 at 07:31 By Help Net Security Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.

React to this headline:

Loading spinner

Despite massive security spending, 44% of CISOs fail to detect breaches Read More »

What to do if your iPhone or Android smartphone gets stolen?

What to do if your iPhone or Android smartphone gets stolen? 2024-10-18 at 07:01 By Help Net Security A lost, stolen, or compromised smartphone today means we are in serious trouble. Most people have everything related to their personal and professional lives stored on their phones, a fact that criminals are well aware of. Cybersecurity

React to this headline:

Loading spinner

What to do if your iPhone or Android smartphone gets stolen? Read More »

New infosec products of the week: October 18, 2024

New infosec products of the week: October 18, 2024 2024-10-18 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio Code extension helps developers protect their sensitive information GitGuardian’s new Visual Studio Code extension

React to this headline:

Loading spinner

New infosec products of the week: October 18, 2024 Read More »

Fake Google Meet pages deliver infostealers

Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading

React to this headline:

Loading spinner

Fake Google Meet pages deliver infostealers Read More »

The role of compromised cyber-physical devices in modern cyberattacks

The role of compromised cyber-physical devices in modern cyberattacks 2024-10-17 at 11:46 By Zeljka Zorz Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the

React to this headline:

Loading spinner

The role of compromised cyber-physical devices in modern cyberattacks Read More »

MongoDB Queryable Encryption now supports range queries on encrypted data

MongoDB Queryable Encryption now supports range queries on encrypted data 2024-10-17 at 10:01 By Mirko Zorz MongoDB Queryable Encryption allows customers to securely encrypt sensitive application data and store it in an encrypted format within the MongoDB database. It also enables direct equality and range queries on the encrypted data without the need for cryptographic

React to this headline:

Loading spinner

MongoDB Queryable Encryption now supports range queries on encrypted data Read More »

GhostStrike: Open-source tool for ethical hacking

GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop

React to this headline:

Loading spinner

GhostStrike: Open-source tool for ethical hacking Read More »

How NIS2 will impact sectors from healthcare to energy

How NIS2 will impact sectors from healthcare to energy 2024-10-17 at 07:02 By Mirko Zorz In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect

React to this headline:

Loading spinner

How NIS2 will impact sectors from healthcare to energy Read More »

Why companies are struggling to keep up with SaaS data protection

Why companies are struggling to keep up with SaaS data protection 2024-10-17 at 06:01 By Help Net Security While businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data, according to Keepit. Growing concerns over SaaS data protection According to the survey, while 28% of respondents

React to this headline:

Loading spinner

Why companies are struggling to keep up with SaaS data protection Read More »

Defenders must adapt to shrinking exploitation timelines

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

React to this headline:

Loading spinner

Defenders must adapt to shrinking exploitation timelines Read More »

Android 15 unveils new security features to protect sensitive data

Android 15 unveils new security features to protect sensitive data 2024-10-16 at 13:20 By Help Net Security Android 15 brings enhanced security features to protect your sensitive health, financial, and personal data from theft and fraud. It also introduces productivity improvements for large-screen devices and updates to apps like the camera, messaging, and passkeys. Android

React to this headline:

Loading spinner

Android 15 unveils new security features to protect sensitive data Read More »

Resilience over reliance: Preparing for IT failures in an unpredictable digital world

Resilience over reliance: Preparing for IT failures in an unpredictable digital world 2024-10-16 at 07:31 By Help Net Security No IT system — no matter how advanced – is completely immune to failure. The promise of a digital ring of steel may sound attractive, but can it protect you against hardware malfunctions? Software bugs? Unexpected

React to this headline:

Loading spinner

Resilience over reliance: Preparing for IT failures in an unpredictable digital world Read More »

Strengthening Kubernetes security posture with these essential steps

Strengthening Kubernetes security posture with these essential steps 2024-10-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container images.

React to this headline:

Loading spinner

Strengthening Kubernetes security posture with these essential steps Read More »

Cybersecurity jobs available right now: October 16, 2024

Cybersecurity jobs available right now: October 16, 2024 2024-10-16 at 06:31 By Anamarija Pogorelec Application Security Engineer Cognism | France | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments of web applications, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. You will analyze source

React to this headline:

Loading spinner

Cybersecurity jobs available right now: October 16, 2024 Read More »

Scroll to Top