News

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

2024-02-07 at 07:31 By Mirko Zorz

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that […]


Enhancing adversary simulations: Learn the business to attack the business

2024-02-07 at 07:01 By Mirko Zorz

In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks


Cybersecurity teams hesitate to use automation in TDIR workflows

2024-02-07 at 06:01 By Help Net Security

Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year, according to Exabeam. North America experienced the highest rate of security incidents (66%),


Whitepaper: Why Microsoft’s password protection is not enough

2024-02-07 at 05:48 By Help Net Security

Microsoft’s Azure AD Password Protection, now rebranded as Microsoft Entra ID, helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues. However, Entra ID has significant security gaps.


ResumeLooters target job search sites in extensive data heist

2024-02-06 at 12:47 By Help Net Security

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2023 through SQL injection and XSS


How CISOs navigate policies and access across enterprises

2024-02-06 at 08:01 By Mirko Zorz

In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise. He also highlights the significance of security validations, especially internal


3 ways to achieve crypto agility in a post-quantum world

2024-02-06 at 07:31 By Help Net Security

Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certificate authorities, encryption standards


10 must-read cybersecurity books for 2024

2024-02-06 at 07:01 By Help Net Security

Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and knowledge, ensuring you stay ahead in your career learning journey throughout the year. Cyber for Builders: The


Paying ransoms is becoming a cost of doing business for many

2024-02-06 at 06:02 By Help Net Security

Today’s pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their ‘do not pay’ policies, with data recovery deficiencies compounding the problem, according to Cohesity. In fact, most companies have paid a ransom


Deepfaked video conference call makes employee send $25 million to scammers

2024-02-05 at 17:01 By Zeljka Zorz

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has reported. The scheme and the deepfake video conference call


AnyDesk has been hacked, users urged to change passwords

2024-02-05 at 14:31 By Zeljka Zorz

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised. The statement was published on Friday evening and lacks


Latio Application Security Tester: Use AI to scan your code

2024-02-05 at 08:02 By Mirko Zorz

Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans James Berthoty, the creator of Latio Application Security Tester, told


Researchers discover exposed API secrets, impacting major tech tokens

2024-02-05 at 07:33 By Help Net Security

Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include


Businesses banning or limiting use of GenAI over privacy risks

2024-02-05 at 07:01 By Help Net Security

Privacy is much more than a regulatory compliance matter. Findings from a new Cisco study highlight the growing privacy concerns with GenAI, trust challenges facing organizations over their use of AI, and the attractive returns from privacy investment.


Migrating to the cloud: An overview of process and strategy

2024-02-05 at 06:01 By Help Net Security

Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their


Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw

2024-02-04 at 11:01 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Prioritizing cybercrime intelligence for effective decision-making in cybersecurity In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses


New infosec products of the week: February 2, 2024

2024-02-02 at 08:01 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from BackBox, ProcessUnity, SentinelOne, and Vade. ProcessUnity unveils all-in-one platform for third-party risk management With a single, configurable platform, ProcessUnity helps organizations manage the increasing


NIS2 Directive raises stakes for security leaders

2024-02-02 at 08:01 By Mirko Zorz

In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to standardize cybersecurity practices across sectors. NIS2 mandates minimal cybersecurity requirements for member companies, encompassing policies on

