News

Dropbox says attackers accessed customer and MFA info, API keys

2024-05-02 at 12:01 By Zeljka Zorz

File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we […]

2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element

2024-05-02 at 08:31 By Help Net Security

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon’s 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security

Securing your organization’s supply chain: Reducing the risks of third parties

2024-05-02 at 08:16 By Help Net Security

When Stephen Hawking said that “we are all now connected by the internet, like neurons in a giant brain”, very few people understood the gravity of his statement. But ten years on from his famous interview with

Understanding emerging AI and data privacy regulations

2024-05-02 at 08:01 By Mirko Zorz

In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data Act, and the Health Data Space Regulation. Learn how these regulations interact, their implications for both public and private sectors,

reNgine: Open-source automated reconnaissance framework for web applications

2024-05-02 at 07:31 By Mirko Zorz

reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process.

Developing reNgine

reNgine was developed to overcome the constraints of conventional reconnaissance tools. It is a good choice for bug bounty

Women rising in cybersecurity roles, but roadblocks remain

2024-05-02 at 07:01 By Help Net Security

The ISC2 study on women in cybersecurity, a comprehensive research effort that collected responses from 2,400 women, has revealed several significant findings. These include promising trends in women’s entry into the profession, their roles within teams, and their comparable achievements

AI-driven phishing attacks deceive even the most aware users

2024-05-02 at 06:33 By Help Net Security

Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler.

AI automates and personalizes various aspects of the attack process

AI-driven phishing attacks leverage AI tools to enhance

Why cloud vulnerabilities need CVEs

2024-05-01 at 08:01 By Help Net Security

When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk within these different paradigms and environments (e.g., the cloud). Patch network security isn’t applicable in the same way for

Making cybersecurity more appealing to women, closing the skills gap

2024-05-01 at 07:31 By Mirko Zorz

In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cybersecurity industry. Davis emphasizes the need for proactive strategies to attract diverse talent, improve mentorship opportunities,

Cybersecurity jobs available right now: May 1, 2024

2024-05-01 at 07:02 By Anamarija Pogorelec

Adversary Simulation Specialist
LyondellBasell | Poland | On-site

The Adversary Simulation Specialist will be responsible for testing and evaluating the security of LyondellBasell’s networks, systems, and applications. This role involves conducting application assessments, vulnerability assessments, penetration

Essential steps for zero-trust strategy implementation

2024-05-01 at 06:01 By Help Net Security

63% of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget. A fourth quarter 2023 Gartner survey of 303

Infosec products of the month: April 2024

2024-05-01 at 05:01 By Help Net Security

Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, Bitdefender, CyberInt, Fastly, Forcepoint, IDnow, Immuta, Index Engines, Invicti Security, LogRhythm, Netwrix, Owl Cyber Defense Solutions, Privacera, Redgate, ShadowDragon, Siemens, Tanium, Trend Micro, TrueMedia.org, Veriato,

FCC fines major wireless carriers over illegal location data sharing

2024-04-30 at 16:01 By Industry News

The Federal Communications Commission (FCC) fined the nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure. Wireless carriers shared access to customers’

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

2024-04-30 at 15:47 By Zeljka Zorz

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company confirmed on Monday, but they are “not aware at this time of any malicious attempts to

Triangulation fraud: The costly scam hitting online retailers

2024-04-30 at 08:01 By Mirko Zorz

In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants. He also highlights the

Tracecat: Open-source SOAR

2024-04-30 at 07:31 By Mirko Zorz

Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams. Use specialized AI models

Passwords under seven characters can be easily cracked

2024-04-30 at 06:31 By Help Net Security

Any password under seven characters can be cracked within a matter of hours, according to Hive Systems.

The time it takes to crack passwords increases

Due to the widespread use of stronger password hashing algorithms to protect data, the time

Security analysts believe more than half of tasks could be automated

2024-04-30 at 06:01 By Help Net Security

Security industry leaders believe that AI and automation technologies are critical to addressing the complexities of modern security operations, according to Anomali.

AI expected to boost threat detection

In fact, security analysts maintain that up to 57%

eBook: Do you have what it takes to lead in cybersecurity?

2024-04-30 at 05:31 By Help Net Security

Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies. Aspiring leaders in the cybersecurity field need more than just job experience. They need a diverse and robust set

UK enacts IoT cybersecurity law

2024-04-29 at 17:01 By Zeljka Zorz

The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. “Most smart devices are manufactured outside the UK, but
