News

Privacera adds access control and data filtering functionality for Vector DB/RAG

News, Privacera /

Privacera adds access control and data filtering functionality for Vector DB/RAG 2024-04-15 at 15:31 By Industry News Privacera announced the addition of new access control and fine-grained data filtering functionality for Vector DB/RAG to Privacera AI Governance (PAIG). “In generative AI, Retrieval-Augmented Generation (RAG) systems operate by sourcing contextual information from a VectorDB, aggregating data […]

Privacera adds access control and data filtering functionality for Vector DB/RAG Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

access management, Delinea, Don't miss, enterprise, Hot stuff, News, PoC, privileged accounts, vulnerability, vulnerability disclosure /

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

How to protect IP surveillance cameras from Wi-Fi jamming

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Nabto, News, opinion, security cameras, smart home, surveillance, wireless /

How to protect IP surveillance cameras from Wi-Fi jamming 2024-04-15 at 08:02 By Help Net Security Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming. Blocking the signal blinds the device and stalls home and business surveillance systems, which

How to protect IP surveillance cameras from Wi-Fi jamming Read More »

Geopolitical tensions escalate OT cyber attacks

attacks, CISO, critical infrastructure, cybersecurity, Don't miss, Features, GISEC, Government, Hot stuff, ICS/SCADA, News, opinion, Ransomware, strategy, threats /

Geopolitical tensions escalate OT cyber attacks 2024-04-15 at 07:31 By Mirko Zorz In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware tactics are reshaping industrial cybersecurity. He sheds light

Geopolitical tensions escalate OT cyber attacks Read More »

Zarf: Open-source continuous software delivery on disconnected networks

DevSecOps, Don't miss, GitHub, News, open source, software /

Zarf: Open-source continuous software delivery on disconnected networks 2024-04-15 at 06:32 By Help Net Security Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The

Zarf: Open-source continuous software delivery on disconnected networks Read More »

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

News, Week in review /

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days 2024-04-14 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days Read More »

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, Volexity, vulnerability /

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks 2024-04-12 at 22:16 By Zeljka Zorz Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitigations and workarounds. Palo Alto

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks Read More »

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, Volexity, vulnerability /

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) 2024-04-12 at 10:46 By Zeljka Zorz Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Read More »

Strategies to cultivate collaboration between NetOps and SecOps

Artificial Intelligence, automation, Cloud, collaboration, cybersecurity, Don't miss, Features, Hot stuff, Netscout, News, opinion, strategy /

Strategies to cultivate collaboration between NetOps and SecOps 2024-04-12 at 07:31 By Mirko Zorz In this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps. Practical steps include scheduling strategy meetings, understanding communication preferences, and fostering team collaboration. With evolving cloud models, collaboration and clear role assignments

Strategies to cultivate collaboration between NetOps and SecOps Read More »

Why women struggle in the cybersecurity industry

Aleria, cybersecurity, education, News, report, skill development, survey, WiCyS /

Why women struggle in the cybersecurity industry 2024-04-12 at 06:31 By Help Net Security The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey. Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should be,

Why women struggle in the cybersecurity industry Read More »

CISA warns about Sisense data breach

CISA, credentials, data breach, Don't miss, Hot stuff, News, Sisense /

CISA warns about Sisense data breach 2024-04-11 at 17:31 By Zeljka Zorz Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access,

CISA warns about Sisense data breach Read More »

Ransomware group maturity should influence ransom payment decision

cybercriminals, Don't miss, extortion, GuidePoint Security, Hot stuff, News, Ransomware, SMBs, tips /

Ransomware group maturity should influence ransom payment decision 2024-04-11 at 16:16 By Zeljka Zorz Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers’ servers, and/or not leaked online. The decision will depend on

Ransomware group maturity should influence ransom payment decision Read More »

How Google’s 90-day TLS certificate validity proposal will affect enterprises

AppViewX, automation, certificates, cybersecurity, DevOps, Don't miss, Encryption, Expert analysis, Expert corner, Google, Hot stuff, News, opinion, policy, risk assessment /

How Google’s 90-day TLS certificate validity proposal will affect enterprises 2024-04-11 at 08:01 By Help Net Security Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of

How Google’s 90-day TLS certificate validity proposal will affect enterprises Read More »

Leveraging AI for enhanced compliance and governance

Artificial Intelligence, Compliance, cybersecurity, data security, Don't miss, Features, Hot stuff, IBRS, News, opinion, Privacy, regulation /

Leveraging AI for enhanced compliance and governance 2024-04-11 at 07:31 By Mirko Zorz In this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems. He talks about emerging trends such as content cognition. He predicts advancements in AI-driven information management tools, as well as

Leveraging AI for enhanced compliance and governance Read More »

Graylog: Open-source log management

Don't miss, GitHub, Hot stuff, log management, News, open source, software /

Graylog: Open-source log management 2024-04-11 at 07:01 By Mirko Zorz Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions. Graylog key features It is easy to install with a standard tech stack, combined with support

Graylog: Open-source log management Read More »

37% of publicly shared files expose personal information

Cloud, cybersecurity, Data Protection, data security, Don't miss, Metomic, News, Privacy, report /

37% of publicly shared files expose personal information 2024-04-11 at 06:31 By Help Net Security Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats

37% of publicly shared files expose personal information Read More »

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order

News /

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order 2024-04-10 at 21:01 By New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment and adopting National Institute of Standards and Technology (NIST) standards by Nov.

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order Read More »

New covert SharePoint data exfiltration techniques revealed

Data exfiltration, data theft, Don't miss, enterprise, Hot stuff, logging, News, SharePoint, Varonis /

New covert SharePoint data exfiltration techniques revealed 2024-04-10 at 18:10 By Zeljka Zorz Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data

New covert SharePoint data exfiltration techniques revealed Read More »

IT pros targeted with malicious Google ads for PuTTY, FileZilla

Don't miss, Google Search, Hot stuff, malvertising, Malwarebytes, News /

IT pros targeted with malicious Google ads for PuTTY, FileZilla 2024-04-10 at 14:48 By Zeljka Zorz An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action

IT pros targeted with malicious Google ads for PuTTY, FileZilla Read More »

Scroll to Top