News - Security Ticks

What open source means for cybersecurity

cybersecurity, Endor Labs, GitGuardian, Legit Security, Lineaje, News, open source, report, software, survey, Tidelift / SecurityTicks

What open source means for cybersecurity 2024-12-23 at 06:03 By Help Net Security With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen its software […]

React to this headline:

What open source means for cybersecurity Read More »

Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released

News, Week in review / SecurityTicks

Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released 2024-12-22 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MUT-1244 targeting security researchers, red teamers, and threat actors A threat actor tracked as MUT-1244 by DataDog researchers

React to this headline:

Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released Read More »

CISA: Use Signal or other secure communications app

Android, CISA, Don't miss, Hot stuff, iPhone, MFA, News, password manager, secure communications, Signal, telecommunications, USA / SecurityTicks

CISA: Use Signal or other secure communications app 2024-12-20 at 14:57 By Zeljka Zorz In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior government officials and politicians – to lock down

React to this headline:

CISA: Use Signal or other secure communications app Read More »

Another NetWalker affiliate sentenced to 20 years in prison

cybercriminals, Don't miss, Hot stuff, Justice Department, News, Ransomware / SecurityTicks

Another NetWalker affiliate sentenced to 20 years in prison 2024-12-20 at 13:07 By Zeljka Zorz A 30-year old Romanian man was sentenced to 20 years in prison for leveraging the Netwalker ransomware to extort money from victims, the US Department of Justice announced on Thursday. Daniel Christian Hulea, of Jucu de Mijloc, Cluj, Romania, was

React to this headline:

Another NetWalker affiliate sentenced to 20 years in prison Read More »

Why cybersecurity is critical to energy modernization

cybersecurity, Don't miss, ENCS, energy sector, Features, Hot stuff, IoT, News, opinion, regulation, standards / SecurityTicks

Why cybersecurity is critical to energy modernization 2024-12-20 at 07:53 By Mirko Zorz In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration,

React to this headline:

Why cybersecurity is critical to energy modernization Read More »

AI is becoming the weapon of choice for cybercriminals

1Password, Artificial Intelligence, AuditBoard, Bitdefender, Bugcrowd, Cisco, Cloud Security Alliance, Code42, CyberArk, cybersecurity, Deep Instinct, Deloitte, generative AI, GitGuardian, Google Cloud, Immuta, Ivanti, Lakera, Legit Security, Netacea, Netskope, News, report, RWS, survey, Venafi / SecurityTicks

AI is becoming the weapon of choice for cybercriminals 2024-12-20 at 07:03 By Help Net Security AI changes how organizations look at cybersecurity GenAI is compromising security while promising efficiency This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on GenAI to develop

React to this headline:

AI is becoming the weapon of choice for cybercriminals Read More »

46% of financial institutions had a data breach in the past 24 months

cyber risk, cybersecurity, financial industry, identity, News, report, SailPoint, survey / SecurityTicks

46% of financial institutions had a data breach in the past 24 months 2024-12-20 at 06:34 By Help Net Security As the financial industry is the most targeted sector for data breaches in 2024, it’s now more important than ever to strengthen the industry moving into 2025, according to SailPoint. Financial institutions face growing cyber

React to this headline:

46% of financial institutions had a data breach in the past 24 months Read More »

New infosec products of the week: December 20, 2024

Appdome, GitGuardian, Netwrix, News, RunSafe Security, Stairwell / SecurityTicks

New infosec products of the week: December 20, 2024 2024-12-20 at 06:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Appdome, GitGuardian, RunSafe Security, Stairwell, and Netwrix. GitGuardian launches multi-vault integration to combat secrets sprawl GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy

React to this headline:

New infosec products of the week: December 20, 2024 Read More »

Cryptocurrency hackers stole $2.2 billion from platforms in 2024

Bitcoin, Chainalysis, Cryptocurrency, Don't miss, hacking, Hot stuff, News, North Korea / SecurityTicks

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 2024-12-19 at 17:18 By Zeljka Zorz $2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum, $1.34 billion was stolen by North Korea-affiliated hackers, across 47 hacking incidents (out of 303). Most targeted organizations

React to this headline:

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 Read More »

CISA orders federal agencies to secure their Microsoft cloud environments

CISA, cloud security, Don't miss, Government, Hot stuff, Microsoft 365, News, Sectigo / SecurityTicks

CISA orders federal agencies to secure their Microsoft cloud environments 2024-12-19 at 15:04 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. About the CISA BOD 25-01 directive The Implementing Secure Practices for Cloud Services

React to this headline:

CISA orders federal agencies to secure their Microsoft cloud environments Read More »

Ukrainian hacker gets prison for infostealer operations

cybercrime, Don't miss, Government, law enforcement, News, USA / SecurityTicks

Ukrainian hacker gets prison for infostealer operations 2024-12-19 at 12:03 By Help Net Security Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS). Individuals who deployed Raccoon Infostealer

React to this headline:

Ukrainian hacker gets prison for infostealer operations Read More »

Are threat feeds masking your biggest security blind spot?

attacks, C/side, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion, threats / SecurityTicks

Are threat feeds masking your biggest security blind spot? 2024-12-19 at 07:33 By Help Net Security Security teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and prevent attacks from those sources. The post Are threat feeds masking your biggest security blind

React to this headline:

Are threat feeds masking your biggest security blind spot? Read More »

Leadership skills for managing cybersecurity during digital transformation

cybersecurity, digital transformation, Don't miss, Features, Hot stuff, News, opinion, Presidio, risk / SecurityTicks

Leadership skills for managing cybersecurity during digital transformation 2024-12-19 at 07:03 By Mirko Zorz In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation. The post Leadership skills for managing

React to this headline:

Leadership skills for managing cybersecurity during digital transformation Read More »

Ransomware in 2024: New players, bigger payouts, and smarter tactics

At-Bay, Cato Networks, Cohesity, Corvus Insurance, cybercrime, GuidePoint Security, Malwarebytes, News, NTT Security, Onapsis, Ransomware, Rapid7, report, Semperis, Sophos, SpyCloud, survey, Veeam Software, Zscaler / SecurityTicks

Ransomware in 2024: New players, bigger payouts, and smarter tactics 2024-12-19 at 06:03 By Help Net Security In 2024, ransomware remained the top cybersecurity threat to organizations worldwide. New groups filled the void left by law enforcement crackdowns, targeting businesses with record-breaking ransom demands and sophisticated tactics. In this article, you will find excerpts from

React to this headline:

Ransomware in 2024: New players, bigger payouts, and smarter tactics Read More »

European companies hit with effective DocuSign-themed phishing emails

account hijacking, Don't miss, Europe, Germany, Hot stuff, Microsoft 365, Microsoft Azure, News, phishing, UK / SecurityTicks

European companies hit with effective DocuSign-themed phishing emails 2024-12-18 at 14:07 By Zeljka Zorz A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different firms, according to Palo Alto Networks’ Unit 42 researchers. The phishing campaign The attack started earlier this

React to this headline:

European companies hit with effective DocuSign-themed phishing emails Read More »

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

BeyondTrust, CVE, Don't miss, enterprise, Hot stuff, News, remote access, vulnerability / SecurityTicks

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) 2024-12-18 at 11:48 By Zeljka Zorz BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement

React to this headline:

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) Read More »

CISO accountability: Navigating a landscape of responsibility

CISO, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetSPI, News, opinion / SecurityTicks

CISO accountability: Navigating a landscape of responsibility 2024-12-18 at 07:36 By Help Net Security What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible for

React to this headline:

CISO accountability: Navigating a landscape of responsibility Read More »

Key steps to scaling automated compliance while maintaining security

Artificial Intelligence, automation, Compliance, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Meta, News, opinion, Risk Management, strategy / SecurityTicks

Key steps to scaling automated compliance while maintaining security 2024-12-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and

React to this headline:

Key steps to scaling automated compliance while maintaining security Read More »

Vanir: Open-source security patch validation for Android

Android, Don't miss, GitHub, Google, Hot stuff, News, open source, patch, software / SecurityTicks

Vanir: Open-source security patch validation for Android 2024-12-18 at 06:34 By Help Net Security Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem. Vanir uses source-code-based

React to this headline:

Vanir: Open-source security patch validation for Android Read More »

Consumers wrongly attribute all data breaches to cybercriminals

consumer, cybercrime, data breach, News, report, survey, Vercara / SecurityTicks

Consumers wrongly attribute all data breaches to cybercriminals 2024-12-18 at 06:01 By Help Net Security Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the

React to this headline:

Consumers wrongly attribute all data breaches to cybercriminals Read More »