News

SCCMSecrets: Open-source SCCM policies exploitation tool

Don't miss, GitHub, News, open source, software /

SCCMSecrets: Open-source SCCM policies exploitation tool 2024-09-30 at 07:31 By Help Net Security SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these […]

React to this headline:

Loading spinner

SCCMSecrets: Open-source SCCM policies exploitation tool Read More »

Open source maintainers: Key to software health and security

cybersecurity, Don't miss, Hot stuff, News, open source, research, survey, Tidelift, Video /

Open source maintainers: Key to software health and security 2024-09-30 at 07:01 By Help Net Security Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer,

React to this headline:

Loading spinner

Open source maintainers: Key to software health and security Read More »

Businesses turn to private AI for enhanced security and data management

Artificial Intelligence, Broadcom, cybersecurity, data security, Don't miss, Features, Hot stuff, News, opinion, regulation /

Businesses turn to private AI for enhanced security and data management 2024-09-30 at 06:31 By Mirko Zorz In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security. He explains how it helps organizations maintain control over sensitive information while addressing the complexities

React to this headline:

Loading spinner

Businesses turn to private AI for enhanced security and data management Read More »

The most common authentication method is also the least secure

authentication, cyber risk, cybersecurity, News, passwords, report, survey, Yubico /

The most common authentication method is also the least secure 2024-09-30 at 06:01 By Help Net Security Despite the rise in cyber threats, many people do not have a holistic view of security, according to Yubico. The results of the survey uncovered concerning patterns and behaviors when it comes to personal and workplace cybersecurity, including

React to this headline:

Loading spinner

The most common authentication method is also the least secure Read More »

Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released

News, Week in review /

Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released 2024-09-29 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without reboots Organizations that plan to upgrade to Windows Server 2025 once

React to this headline:

Loading spinner

Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released Read More »

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE

CVE, Don't miss, Hot stuff, Linux, News, PoC, Rapid7, Red Hat, Tenable, vulnerability /

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE 2024-09-27 at 13:31 By Zeljka Zorz After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to

React to this headline:

Loading spinner

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE Read More »

3 tips for securing IoT devices in a connected world

access control, authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, IoT, News, opinion, tips, WatchGuard /

3 tips for securing IoT devices in a connected world 2024-09-27 at 08:01 By Help Net Security IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present

React to this headline:

Loading spinner

3 tips for securing IoT devices in a connected world Read More »

Tosint: Open-source Telegram OSINT tool

Don't miss, GitHub, Hot stuff, News, open source, OSINT, software, Telegram /

Tosint: Open-source Telegram OSINT tool 2024-09-27 at 07:31 By Mirko Zorz Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal

React to this headline:

Loading spinner

Tosint: Open-source Telegram OSINT tool Read More »

Developing an effective cyberwarfare response plan

Armis, Artificial Intelligence, cybersecurity, Cyberwarfare, digital transformation, Don't miss, Features, Hot stuff, News, opinion, remediation, strategy, threat, Threat Intelligence /

Developing an effective cyberwarfare response plan 2024-09-27 at 07:01 By Mirko Zorz In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How has adopting AI

React to this headline:

Loading spinner

Developing an effective cyberwarfare response plan Read More »

New infosec products of the week: September 27, 2024

Absolute, ArmorCode, Bitdefender, Guardsquare, Malwarebytes, Netgear, News, Nudge Security /

New infosec products of the week: September 27, 2024 2024-09-27 at 06:31 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Absolute, ArmorCode, Bitdefender, Guardsquare, Malwarebytes, NETGEAR, and Nudge Security. Bitdefender debuts GravityZone PHASR, enhancing security through user behavior analysis GravityZone PHASR enables security teams

React to this headline:

Loading spinner

New infosec products of the week: September 27, 2024 Read More »

Active Directory compromise: Cybersecurity agencies provde guidance

access management, Active Directory, Don't miss, enterprise, guide, Hot stuff, identity management, intrusion detection, News, tips /

Active Directory compromise: Cybersecurity agencies provde guidance 2024-09-26 at 17:31 By Zeljka Zorz Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due to its

React to this headline:

Loading spinner

Active Directory compromise: Cybersecurity agencies provde guidance Read More »

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Android, code, cybersecurity, Don't miss, Hot stuff, News, programming, software development, vulnerability /

The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number

React to this headline:

Loading spinner

The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »

New MIT protocol protects sensitive data during cloud-based computation

data security, Don't miss, MIT, News, quantum computing, research /

New MIT protocol protects sensitive data during cloud-based computation 2024-09-26 at 12:02 By Help Net Security Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare.

React to this headline:

Loading spinner

New MIT protocol protects sensitive data during cloud-based computation Read More »

AI use: 3 essential questions every CISO must ask

Artificial Intelligence, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Graylog, Hot stuff, investment, News, opinion, threat detection /

AI use: 3 essential questions every CISO must ask 2024-09-26 at 07:32 By Help Net Security In July, Wall Street experienced its worst day since 2022, with the tech-focused Nasdaq falling by 3.6%. The downturn was largely triggered by what commentators suggest is the result of underwhelming earnings from some major tech companies. What’s notable

React to this headline:

Loading spinner

AI use: 3 essential questions every CISO must ask Read More »

Compliance management strategies for protecting data in complex regulatory environments

access control, auditing, Compliance, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, NordLayer, opinion, regulation, strategy, tips /

Compliance management strategies for protecting data in complex regulatory environments 2024-09-26 at 07:02 By Mirko Zorz In this Help Net Security interview, Andrius Buinovskis, Head of Product at NordLayer, discusses how organizations can assess their compliance management and ensure they meet regulatory requirements. Buinovskis also addresses the challenges of managing multiple frameworks and offers strategies

React to this headline:

Loading spinner

Compliance management strategies for protecting data in complex regulatory environments Read More »

Rethinking privacy: A tech expert’s perspective

Don't miss, Hot stuff, MIT, News, opinion, Privacy, research, Video /

Rethinking privacy: A tech expert’s perspective 2024-09-26 at 06:33 By Help Net Security Data privacy has become one of the most pressing challenges of our time, but it didn’t happen overnight. The proliferation of data collection, coupled with the rise of advanced technologies like artificial intelligence and machine learning, has made it easier to piece

React to this headline:

Loading spinner

Rethinking privacy: A tech expert’s perspective Read More »

Companies mentioned on the dark web at higher risk for cyber attacks

cyber risk, cybersecurity, dark web, Marsh McLennan, News, report, Searchlight Cyber, survey /

Companies mentioned on the dark web at higher risk for cyber attacks 2024-09-26 at 06:01 By Help Net Security The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyber attack, according to Searchlight Cyber. Dark web insights and breach correlation Marsh McLennan Cyber Risk Intelligence

React to this headline:

Loading spinner

Companies mentioned on the dark web at higher risk for cyber attacks Read More »

FINRA Warns of Rising Risks as Third-Party Cyberattacks Threaten Financial Services

News, Security Research, Threat Intelligence /

FINRA Warns of Rising Risks as Third-Party Cyberattacks Threaten Financial Services 2024-09-26 at 01:03 By Earlier this month, the Financial Industry Regulatory Authority (FINRA) posted a cybersecurity advisory highlighting the recent cybersecurity risks of third parties impacting its members and financial services organizations. The recently released Trustwave SpiderLabs 2024 Trustwave Risk Radar Report: Financial Services

React to this headline:

Loading spinner

FINRA Warns of Rising Risks as Third-Party Cyberattacks Threaten Financial Services Read More »

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

CVE, Don't miss, education, enterprise, Government, Horizon3.ai, Hot stuff, MSP, News, PoC, SMBs, SolarWinds, vulnerability /

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When

React to this headline:

Loading spinner

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »

Scroll to Top