News - Security Ticks

Qualcomm patches 3 actively exploited zero-days

0-day, Don't miss, drivers, Hot stuff, News, Qualcomm, security update, vulnerability / SecurityTicks

Qualcomm patches 3 actively exploited zero-days 04/10/2023 at 16:46 By Helga Labus Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers The US-based semiconductor company has been notified by Google Threat Analysis Group and Google Project Zero that […]

Qualcomm patches 3 actively exploited zero-days Read More »

Google unveils stricter anti-spam rules for bulk email senders

Don't miss, Gmail, Google, Hot stuff, News, phishing, spam / SecurityTicks

Google unveils stricter anti-spam rules for bulk email senders 04/10/2023 at 13:17 By Helga Labus To keep Gmail users’ inboxes “safer and more spam-free”, Google is introducing new requirements for bulk senders (of commercial email). “Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we’ve

Google unveils stricter anti-spam rules for bulk email senders Read More »

Amazon: AWS root accounts must have MFA enabled

account protection, AWS, cloud security, Don't miss, Hot stuff, MFA, News, privileged accounts, security key / SecurityTicks

Amazon: AWS root accounts must have MFA enabled 04/10/2023 at 12:01 By Zeljka Zorz Amazon wants to make it more difficult for attackers to compromise Amazon Web Services (AWS) root accounts, by requiring those account holders to enable multi-factor authentication (MFA). MFA options for AWS accounts AWS provides on-demand cloud computing platforms and APIs to

Amazon: AWS root accounts must have MFA enabled Read More »

Making privacy sustainable: Incorporating privacy into the ESG agenda

BH Consulting, Compliance, data breach, Don't miss, EU, Expert analysis, Expert corner, framework, GDPR, Hot stuff, IoT, legislation, News, opinion, Privacy, regulation, Risk Management, USA / SecurityTicks

Making privacy sustainable: Incorporating privacy into the ESG agenda 04/10/2023 at 08:02 By Help Net Security Data breaches have been rising in frequency and magnitude over the last two decades. In fact, the Identity Theft Resource Centre (ITRC) found that between 2005 and 2020, data breach events in the US alone increased from 57 to

Making privacy sustainable: Incorporating privacy into the ESG agenda Read More »

Tackling cyber risks head-on using security questionnaires

Artificial Intelligence, cyber risk, cybersecurity, Data Protection, Don't miss, Features, framework, Hot stuff, News, opinion, remediation, risk assessment, Risk Management, Skypher, standards, supply chain / SecurityTicks

Tackling cyber risks head-on using security questionnaires 04/10/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data. Many organizations

Tackling cyber risks head-on using security questionnaires Read More »

Cybersecurity preparedness pays big dividends for businesses

cybercrime, cybercriminals, cybersecurity, data breach, GetApp, News, phishing, Ransomware, report, survey / SecurityTicks

Cybersecurity preparedness pays big dividends for businesses 04/10/2023 at 06:32 By Help Net Security Businesses are taking cybersecurity more seriously by boosting resources and preparedness, according to GetApp. US businesses on the whole are gaining ground against cybercriminals after several years of increasingly severe threats, but the Las Vegas cyberattacks are a stark reminder of

Cybersecurity preparedness pays big dividends for businesses Read More »

Factors leading to organizations losing control over IT and security environments

Cloud, Cloudflare, Compliance, cybersecurity, data, digital transformation, hybrid workforce, News, report, SaaS / SecurityTicks

Factors leading to organizations losing control over IT and security environments 04/10/2023 at 06:02 By Help Net Security Companies are challenged with the growing need to connect everything in their business while maintaining control over their security, productivity, and competitive growth, according to Cloudflare. “Today, the big clouds have built business models on capturing your

Factors leading to organizations losing control over IT and security environments Read More »

People Use Find My iPhone For Long Distance Stalking—And There’s Not Much Apple Can Do

cybersecurity, Editors' Pick, Innovation, News, premium, Technology / SecurityTicks

People Use Find My iPhone For Long Distance Stalking—And There’s Not Much Apple Can Do 03/10/2023 at 21:47 By Thomas Brewster, Forbes Staff Find My iPhone and other device-tracking apps have long been used as a tool for domestic abuse, stalking and control of trafficking victims. But so far, there doesn’t appear to be any

People Use Find My iPhone For Long Distance Stalking—And There’s Not Much Apple Can Do Read More »

Photos: Cybertech Europe 2023

Armis, Atlantica, CrowdStrike, CyberGuru, Cybertech Europe 2023, Cybertech Global, DGS, F5 Networks, Forcepoint, Fortinet, gamindo, IBM Security, KnowBe4, Leonardo, Lutech, NetWitness, News, Palo Alto Networks, Qualys, Recorded Future, ScourNomad, SentinelOne, Sysdig, Telsy, Thales, Trend Micro, XM Cyber, Zscaler / SecurityTicks

Photos: Cybertech Europe 2023 03/10/2023 at 16:47 By Help Net Security The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions from dozens of companies and speakers, including senior government officials, C-level executives, and industry trailblazers from Europe and around the world. Conference sessions

Photos: Cybertech Europe 2023 Read More »

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

0-day, Android, Arm, Don't miss, firmware, Google, Hot stuff, Huawei, News, Samsung, security update, smartphones / SecurityTicks

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) 03/10/2023 at 14:16 By Zeljka Zorz A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm’s Mali GPUs are used on a

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) Read More »

Evolving conversations: Cybersecurity as a business risk

attacks, BEC scams, boardroom, CISO, Cloud, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Insider Threat, investment, News, opinion, Ransomware, strategy, Trustwave / SecurityTicks

Evolving conversations: Cybersecurity as a business risk 03/10/2023 at 08:03 By Help Net Security Board members often lack technical expertise and may not fully grasp cyber risks. On the other hand, CISOs are more accustomed to interfacing with IT staff. This is understandable; the board is responsible for guiding high-level decision-making. They rarely become involved

Evolving conversations: Cybersecurity as a business risk Read More »

CISO’s compass: Mastering tech, inspiring teams, and confronting risk

CISO, Compliance, cyber insurance, cybersecurity, data, Don't miss, Features, Hot stuff, law, News, opinion, Privacy, regulation, Risk Management, skill development, Skillsoft, strategy / SecurityTicks

CISO’s compass: Mastering tech, inspiring teams, and confronting risk 03/10/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face. He discusses the business environment, tech innovation, the evolving regulatory landscape, limited resources, and budgets. Obudulu

CISO’s compass: Mastering tech, inspiring teams, and confronting risk Read More »

Chalk: Open-source software security and infrastructure visibility tool

Crash Override, cybersecurity, Don't miss, GitHub, News, software, software development / SecurityTicks

Chalk: Open-source software security and infrastructure visibility tool 03/10/2023 at 06:32 By Mirko Zorz Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables

Chalk: Open-source software security and infrastructure visibility tool Read More »

Barriers preventing organizations from DevOps automation

automation, cybersecurity, data, DevOps, Dynatrace, investment, News, report, software, survey / SecurityTicks

Barriers preventing organizations from DevOps automation 03/10/2023 at 06:02 By Help Net Security Organizations’ investments in DevOps automation are delivering significant benefits, including a 61% improvement in software quality, a 57% reduction in deployment failures, and a 55% decrease in IT costs, according to Dynatrace. In most organizations, however, DevOps automation practices remain in the

Barriers preventing organizations from DevOps automation Read More »

Critical zero-days in Exim revealed, only 3 have been fixed

0-day, Don't miss, email security, Exim, Hot stuff, Linux, News, security update, Trend Micro, vulnerability disclosure, WatchTowr / SecurityTicks

Critical zero-days in Exim revealed, only 3 have been fixed 02/10/2023 at 17:03 By Zeljka Zorz Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three

Critical zero-days in Exim revealed, only 3 have been fixed Read More »

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Assetnote, Don't miss, file-sharing, Hot stuff, News, Progress, Rapid7, security update, vulnerability / SecurityTicks

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Most dual ransomware attacks occur within 48 hours

Don't miss, Emsisoft, FBI, Hot stuff, News, Ransomware, Sophos, Symantec, trends / SecurityTicks

Most dual ransomware attacks occur within 48 hours 02/10/2023 at 12:16 By Helga Labus Since July 2023, the Federal Bureau of Investigation (FBI) has noticed a new trend: dual ransomware attacks on the same victim, occurring in close proximity of one another. Dual ransomware attacks Dual ransomware attacks are when against the same victim occurr

Most dual ransomware attacks occur within 48 hours Read More »

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

APT, backdoor, cyber espionage, ESET, News, spear-phishing / SecurityTicks

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm 02/10/2023 at 11:48 By Help Net Security Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram,

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm Read More »

9 essential ransomware guides and checklists available for free

ANSSI, CISA, cybercrime, Don't miss, DXC Technology, Egnyte, FTC, Government, guide, Hot stuff, how-to, IBM, IBM X-Force, Malware, National Cyber Security Centre, News, Ransomware, strategy, tips / SecurityTicks

9 essential ransomware guides and checklists available for free 02/10/2023 at 08:03 By Help Net Security According to Fortinet, ransomware activity has intensified, registering an increase of 13 times compared to the beginning of 2023 in terms of all malware detections. The rise of Ransomware-as-a-Service has primarily driven this surge in ransomware variations. According to

9 essential ransomware guides and checklists available for free Read More »

Securing GitHub Actions for a safer DevOps pipeline

CISA, Cloud, cloud security, credentials, cybersecurity, DevOps, Don't miss, Features, GitHub, Hot stuff, Kubernetes, monitoring, News, NSA, open source, opinion, StepSecurity / SecurityTicks

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

Securing GitHub Actions for a safer DevOps pipeline Read More »