News - Security Ticks

Spotting AI-generated scams: Red flags to watch for

Artificial Intelligence, blockchain, cybersecurity, deepfakes, Don't miss, Features, fraud, Hot stuff, Mano Bank, News, opinion, penetration testing, regulation / SecurityTicks

Spotting AI-generated scams: Red flags to watch for 2024-10-03 at 07:32 By Mirko Zorz In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and deepfakes. He explains how AI manipulates videos and audio to deceive victims and highlights key […]

React to this headline:

Spotting AI-generated scams: Red flags to watch for Read More »

How to use the Apple Passwords app

apple, iOS, iPad, macOS, News, password manager / SecurityTicks

How to use the Apple Passwords app 2024-10-03 at 07:01 By Anamarija Pogorelec The latest Apple OS updates (iOS 18, iPadOS 18, macOS Sequoia) have introduced a standalone Passwords app, to make users’ passwords, passkeys, Wi-Fi passwords, and verification codes easily accessible. You can access the Passwords app on your iPhone, iPad, Mac, Apple Vision

React to this headline:

How to use the Apple Passwords app Read More »

15% of office workers use unsanctioned GenAI tools

access control, authentication, cybersecurity, generative AI, Ivanti, News, remote working, report, strategy, survey / SecurityTicks

15% of office workers use unsanctioned GenAI tools 2024-10-03 at 06:31 By Help Net Security Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. Understanding workplace behavior key to strengthening security In fact, one in two

React to this headline:

15% of office workers use unsanctioned GenAI tools Read More »

Ransomware activity shows no signs of slowing down

Cayosoft, Corvus Insurance, cybercrime, News, NTT Security, Ransomware, Video / SecurityTicks

Ransomware activity shows no signs of slowing down 2024-10-03 at 06:01 By Help Net Security Ransomware attacks have seen a significant resurgence, disrupting multiple sectors and affecting global supply chains. Despite efforts to disrupt major ransomware groups, incidents continue to rise, signaling an ongoing and growing threat into 2024. In this Help Net Security round-up,

React to this headline:

Ransomware activity shows no signs of slowing down Read More »

Whitepaper: Reach higher in your career with cloud security

Don't miss, ISC2, News, Whitepapers and webinars / SecurityTicks

Whitepaper: Reach higher in your career with cloud security 2024-10-03 at 05:46 By Help Net Security The cybersecurity skills gap presents ongoing challenges worldwide, so organizations are scrambling to fill cloud security positions. Having a subject matter expert on staff qualified to advise on cloud security requirements is more important now than ever. Because of

React to this headline:

Whitepaper: Reach higher in your career with cloud security Read More »

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

CVE, Don't miss, exploit, Hot stuff, News, PoC, ProjectDiscovery, Proofpoint, Synacor, vulnerability / SecurityTicks

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) 2024-10-02 at 14:16 By Zeljka Zorz Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and

React to this headline:

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Read More »

4 new LockBit-related arrests, identities of suspected Evil Corp members, affiliates revealed

cybercriminals, Europol, Hot stuff, Justice Department, law enforcement, National Crime Agency, News, Ransomware, Russian Federation / SecurityTicks

4 new LockBit-related arrests, identities of suspected Evil Corp members, affiliates revealed 2024-10-02 at 12:46 By Zeljka Zorz The third phase of Operation Cronos, which involved officers from the UK National Crime Agency (NCA), the FBI, Europol and other law enforcement agencies, has resulted in the arrest of four persons for allegedly participating in the

React to this headline:

4 new LockBit-related arrests, identities of suspected Evil Corp members, affiliates revealed Read More »

Enhancing firewall management with automation tools

automation, Compliance, cybersecurity, Don't miss, Features, firewall, Hot stuff, News, opinion, Tufin / SecurityTicks

Enhancing firewall management with automation tools 2024-10-02 at 08:01 By Mirko Zorz In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance. What factors should organizations prioritize when selecting a next-generation firewall to balance security

React to this headline:

Enhancing firewall management with automation tools Read More »

Suricata: Open-source network analysis and threat detection

cybersecurity, Don't miss, Hot stuff, intrusion detection, network analysis, News, OISF, open source, penetration testing, software, threat detection / SecurityTicks

Suricata: Open-source network analysis and threat detection 2024-10-02 at 07:31 By Help Net Security Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. Suricata features Suricata offers comprehensive capabilities for network security monitoring (NSM), including logging HTTP requests, capturing and storing TLS certificates, and extracting files

React to this headline:

Suricata: Open-source network analysis and threat detection Read More »

Cybersecurity jobs available right now: October 2, 2024

cybersecurity jobs, Don't miss, Hot stuff, News / SecurityTicks

Cybersecurity jobs available right now: October 2, 2024 2024-10-02 at 07:01 By Anamarija Pogorelec Applied Cybersecurity Engineer (Center for Securing the Homeland) MITRE | USA | Hybrid – View job details As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat

React to this headline:

Cybersecurity jobs available right now: October 2, 2024 Read More »

What bots mean for businesses and consumers

bot, CISO, cybersecurity, DataDome, Don't miss, Hot stuff, News, report, research, strategy, tips, Video / SecurityTicks

What bots mean for businesses and consumers 2024-10-02 at 06:31 By Help Net Security Simple bots have existed since the early to mid-2000s when organizations had no means to protect themselves or their website’s users from them. Yet today, despite having tools to protect against these simple bots, two in three organizations have made no

React to this headline:

What bots mean for businesses and consumers Read More »

Cybersecurity hiring slows, pros’ stress levels rise

Adobe, burnout, cybersecurity, ISACA, News, report, survey / SecurityTicks

Cybersecurity hiring slows, pros’ stress levels rise 2024-10-02 at 06:01 By Help Net Security 66% of cybersecurity professionals say their role is more stressful now than it was five years ago, according to ISACA. Major contributors to rising stress levels among cybersecurity professionals According to the data, the top reasons for increased stress among cybersecurity

React to this headline:

Cybersecurity hiring slows, pros’ stress levels rise Read More »

Use Windows event logs for ransomware investigations, JPCERT/CC advises

Don't miss, Hot stuff, Incident Response, logging, News, Ransomware, Windows / SecurityTicks

Use Windows event logs for ransomware investigations, JPCERT/CC advises 2024-10-01 at 13:46 By Zeljka Zorz The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware attacks and potentially limit the

React to this headline:

Use Windows event logs for ransomware investigations, JPCERT/CC advises Read More »

3 easy microsegmentation projects

12Port, access control, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion, regulation, resilience, software, zero trust / SecurityTicks

3 easy microsegmentation projects 2024-10-01 at 07:31 By Help Net Security Like many large-scale network security projects, microsegmentation can seem complex, time-consuming, and expensive. It involves managing intricate details about inter-device service connectivity. One web server should connect to specific databases but not to others, or load balancers should connect to some web servers while

React to this headline:

3 easy microsegmentation projects Read More »

Reducing credential complexity with identity federation

authentication, credentials, cybersecurity, Descope, Don't miss, Features, Hot stuff, identity management, News, opinion, SSO / SecurityTicks

Reducing credential complexity with identity federation 2024-10-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances security by leveraging trusted identity providers while simplifying

React to this headline:

Reducing credential complexity with identity federation Read More »

Password management habits you should unlearn

Bitwarden, cybersecurity, Experian, News, passwords, report, Specops Software, SpyCloud, survey, Yubico / SecurityTicks

Password management habits you should unlearn 2024-10-01 at 06:31 By Help Net Security Despite advancements in security technology, many individuals and organizations continue to rely on outdated and vulnerable authentication methods, leaving themselves exposed to cyber threats. This ongoing reliance on insecure methods has led to a steady rise in fraud, with weak password practices

React to this headline:

Password management habits you should unlearn Read More »

Infosec products of the month: September 2024

Absolute, anecdotes, ArmorCode, Binarly, Bitdefender, Druva, F5 Networks, Gcore, Guardsquare, Huntress, Ketch, LOKKER, Malwarebytes, Netgear, News, Nudge Security, Prompt Security, Rapid7, Revenera, Skyhigh Security, Strivacity, Tenable, Trellix, Vanta, Veritas Technologies, Wing Security / SecurityTicks

Infosec products of the month: September 2024 2024-10-01 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, anecdotes, ArmorCode, Binarly, Bitdefender, Druva, F5 Networks, Gcore, Guardsquare, Huntress, Ketch, LOKKER, Malwarebytes, NETGEAR, Nudge Security, Prompt Security, Rapid7, Revenera, Skyhigh Security, Strivacity, Tenable, Trellix,

React to this headline:

Infosec products of the month: September 2024 Read More »

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts

account hijacking, Cloud, credentials, Don't miss, Hot stuff, Microsoft, Microsoft Entra ID, News, privileged accounts, Ransomware / SecurityTicks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts 2024-09-30 at 17:01 By Zeljka Zorz Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’

React to this headline:

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts Read More »

Microsoft revised the controversial Copilot+ Recall feature

Artificial Intelligence, data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows / SecurityTicks

Microsoft revised the controversial Copilot+ Recall feature 2024-09-30 at 13:46 By Zeljka Zorz Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy. The security of the feature has been assessed by Microsoft’s Offensive Research & Security Engineering

React to this headline:

Microsoft revised the controversial Copilot+ Recall feature Read More »

Could APIs be the undoing of AI?

API security, Artificial Intelligence, Cequence Security, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, LLMs, News, opinion / SecurityTicks

Could APIs be the undoing of AI? 2024-09-30 at 08:01 By Help Net Security Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat

React to this headline:

Could APIs be the undoing of AI? Read More »