Today’s biggest AI security challenges 2024-03-07 at 08:23 By Help Net Security 98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year, according to HiddenLayer. The report surveyed 150 IT security and data science leaders to shed […]
Today’s biggest AI security challenges Read More »
Tazama: Open-source real-time fraud management 2024-03-07 at 07:39 By Help Net Security Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide. Previously, the financial sector struggled with proprietary solutions that were both expensive and restrictive, impeding
Tazama: Open-source real-time fraud management Read More »
78% of MSPs identify cybersecurity as prime IT challenge 2024-03-07 at 06:46 By Help Net Security Cybersecurity remained a top priority and an area of growth for MSPs, with 73% saying it’s a top revenue driver for their business, according to Kaseya. Ongoing cyberattack threats impact MSPs The threat of cyberattacks continues to weigh on
78% of MSPs identify cybersecurity as prime IT challenge Read More »
A cybercriminal is sentenced, will it make a difference? 2024-03-07 at 06:03 By Help Net Security The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The
A cybercriminal is sentenced, will it make a difference? Read More »
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) 2024-03-06 at 11:45 By Zeljka Zorz Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) Read More »
5 ways to keep API integrations secure 2024-03-06 at 08:20 By Help Net Security API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security measures.
5 ways to keep API integrations secure Read More »
RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s
RiskInDroid: Open-source risk analysis of Android apps Read More »
How to create an efficient governance control program 2024-03-06 at 06:31 By Help Net Security Your success as an organization, especially in the cyber realm, depends on your security posture. To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help
How to create an efficient governance control program Read More »
AI tools put companies at risk of data exfiltration 2024-03-06 at 06:03 By Help Net Security Data loss from insiders continues to pose a growing threat to security, with emerging technologies such as AI and generative AI (GenAI) only compounding the issue, indicating swift action is needed, according to Code42. Since 2021, there has been
AI tools put companies at risk of data exfiltration Read More »
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »
Why cyber maturity assessment should become standard practice 2024-03-05 at 08:05 By Help Net Security Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to
Why cyber maturity assessment should become standard practice Read More »
3 free data protection regulation courses you can take right now 2024-03-05 at 07:31 By Help Net Security Increasingly, information about us, and even by us, is being processed. Even mundane or insignificant details can be combined and linked with other data in a manner that may intrude upon or pose a risk to our
3 free data protection regulation courses you can take right now Read More »
What organizations need to know about the Digital Operational Resilience Act (DORA) 2024-03-05 at 06:31 By Mirko Zorz In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity.
What organizations need to know about the Digital Operational Resilience Act (DORA) Read More »
Organizations are knowingly releasing vulnerable applications 2024-03-05 at 06:18 By Help Net Security 92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for application security has shifted away from dedicated
Organizations are knowingly releasing vulnerable applications Read More »
Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere
GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret
GitHub push protection now on by default for public repositories Read More »
Phishers target FCC, crypto holders via fake Okta SSO pages 2024-03-04 at 14:46 By Helga Labus A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be
Phishers target FCC, crypto holders via fake Okta SSO pages Read More »
Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s
Securing software repositories leads to better OSS security Read More »
PyRIT: Open-source framework to find risks in generative AI systems 2024-03-04 at 08:02 By Mirko Zorz Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection
PyRIT: Open-source framework to find risks in generative AI systems Read More »
95% believe LLMs making phishing detection more challenging 2024-03-04 at 07:32 By Help Net Security More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Recent AI advancements, particularly generative AI, have empowered cybercriminals to coordinate social engineering assaults with unprecedented
95% believe LLMs making phishing detection more challenging Read More »