News

The proliferation of non-human identities

cybersecurity, Don't miss, Entro, News, Non Human Identities, report, security practices, survey /

The proliferation of non-human identities 2024-09-18 at 07:01 By Mirko Zorz 97% of non-human identities (NHIs) have excessive privileges, increasing unauthorized access and broadening the attack surface, according to Entro Security’s 2025 State of Non-Human Identities and Secrets in Cybersecurity report. 92% of organizations expose NHIs to third parties, resulting in unauthorized access if third-party […]

React to this headline:

Loading spinner

The proliferation of non-human identities Read More »

Cybersecurity jobs available right now: September 18, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: September 18, 2024 2024-09-18 at 06:31 By Anamarija Pogorelec Application Security Engineer CHANEL | France | On-site – View job details As an Application Security Engineer, you will perform application-focus, offensive, security assessments of existing and upcoming Chanel’s features and products. Enforce smart CI/CD security tooling (SAST, dependencies checker, IAST,

React to this headline:

Loading spinner

Cybersecurity jobs available right now: September 18, 2024 Read More »

Organizations overwhelmed by numerous and insecure remote access tools

Claroty, cyber risk, cybersecurity, News, report, survey /

Organizations overwhelmed by numerous and insecure remote access tools 2024-09-18 at 06:01 By Help Net Security Organizations are combating excessive remote access demands with an equally excessive number of tools that provide varying degrees of security, according to Claroty. Data from more than 50,000 remote-access-enabled devices showed that the volume of remote access tools deployed

React to this headline:

Loading spinner

Organizations overwhelmed by numerous and insecure remote access tools Read More »

Apple releases iOS 18, with security and privacy improvements

access control, apple, Don't miss, Hot stuff, iOS, iPhone, News, password management, password manager /

Apple releases iOS 18, with security and privacy improvements 2024-09-17 at 15:46 By Zeljka Zorz Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS 18 brings several changes for improving users’ security and privacy. A standalone Passwords app

React to this headline:

Loading spinner

Apple releases iOS 18, with security and privacy improvements Read More »

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE, Don't miss, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC, secure communications, vulnerability /

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) 2024-09-17 at 13:02 By Zeljka Zorz CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have published their

React to this headline:

Loading spinner

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) Read More »

Gateways to havoc: Overprivileged dormant service accounts

Anetac, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, opinion, privileged accounts /

Gateways to havoc: Overprivileged dormant service accounts 2024-09-17 at 07:32 By Help Net Security Service accounts are non-human identities used to automate machine-to-machine interactions. They support critical functions – such as running scripts, services, and applications like websites, APIs, and databases – and facilitate integrations, operating as a proxy to humans and supporting business processes.

React to this headline:

Loading spinner

Gateways to havoc: Overprivileged dormant service accounts Read More »

The growing danger of visual hacking and how to protect against it

cybersecurity, Don't miss, Features, hacking, hardware, Hot stuff, News, opinion, Privacy, Rain Technology /

The growing danger of visual hacking and how to protect against it 2024-09-17 at 07:01 By Mirko Zorz In this Help Net Security interview, Robert Ramsey, CEO at Rain Technology, discusses the growing threat of visual hacking, how it bypasses traditional cybersecurity measures, and the importance of physical barriers like switchable privacy screens. Could you

React to this headline:

Loading spinner

The growing danger of visual hacking and how to protect against it Read More »

Beyond human IAM: The rising tide of machine identities

cybersecurity, Don't miss, Expert analysis, Expert corner, GitGuardian, Hot stuff, News, opinion, strategy /

Beyond human IAM: The rising tide of machine identities 2024-09-17 at 06:31 By Help Net Security Remember when managing user accounts was your biggest headache? Those were simpler times. Today, we’re drowning in a sea of machine identities, and it’s time to learn how to swim – or risk going under. In the ever-expanding universe

React to this headline:

Loading spinner

Beyond human IAM: The rising tide of machine identities Read More »

The cybersecurity workforce of the future requires diverse hiring practices

cybersecurity, ISC2, News, report, skill development, survey /

The cybersecurity workforce of the future requires diverse hiring practices 2024-09-17 at 06:01 By Help Net Security The global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase, according to ISC2. Despite the growing need for professionals, global workforce growth has slowed

React to this headline:

Loading spinner

The cybersecurity workforce of the future requires diverse hiring practices Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

EchoStrike: Generate undetectable reverse shells, perform process injection

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, red team, software, Windows /

EchoStrike: Generate undetectable reverse shells, perform process injection 2024-09-16 at 07:31 By Mirko Zorz EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company.

React to this headline:

Loading spinner

EchoStrike: Generate undetectable reverse shells, perform process injection Read More »

Compliance frameworks and GenAI: The Wild West of security standards

Application Security, automation, Compliance, cybersecurity, Don't miss, Features, generative AI, Hot stuff, News, opinion, penetration testing, regulation, software, SplxAI /

Compliance frameworks and GenAI: The Wild West of security standards 2024-09-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, GenAI introduces dynamic, evolving threats, requiring new strategies for defense and compliance. Kamber highlights the

React to this headline:

Loading spinner

Compliance frameworks and GenAI: The Wild West of security standards Read More »

The ripple effects of regulatory actions on CISO reporting

CISO, cybersecurity, Don't miss, FTC, Hot stuff, News, strategy, Video, YL Ventures /

The ripple effects of regulatory actions on CISO reporting 2024-09-16 at 06:31 By Help Net Security In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting. In a recent report of the CISO Circuit, YL Ventures

React to this headline:

Loading spinner

The ripple effects of regulatory actions on CISO reporting Read More »

Trends and dangers in open-source software dependencies

cybersecurity, Endor Labs, News, open source, report, survey, vulnerability management /

Trends and dangers in open-source software dependencies 2024-09-16 at 06:01 By Help Net Security A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area, according to Endor Labs. The research

React to this headline:

Loading spinner

Trends and dangers in open-source software dependencies Read More »

eBook: Navigating compliance with a security-first approach

Don't miss, Enzoic, Hot stuff, News, Whitepapers and webinars /

eBook: Navigating compliance with a security-first approach 2024-09-16 at 05:46 By Help Net Security As cyberattacks escalate, more regulations are being introduced to help protect organizations and their customers’ data. This has resulted in a complex web of legislation with which companies in the private sector must comply. It can be challenging, as industry standards

React to this headline:

Loading spinner

eBook: Navigating compliance with a security-first approach Read More »

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days

News, Week in review /

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days 2024-09-15 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical

React to this headline:

Loading spinner

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days Read More »

How to make Infrastructure as Code secure by default

code, cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, remediation, security standard, StackGen, threat detection /

How to make Infrastructure as Code secure by default 2024-09-13 at 07:46 By Help Net Security Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Security workflows for IaC

React to this headline:

Loading spinner

How to make Infrastructure as Code secure by default Read More »

Security measures fail to keep up with rising email attacks

Abnormal Security, Acronis, Coalition, Cofense, cybercrime, cybersecurity, Darktrace, Egress, Email, email secure, News, Proofpoint, report, survey, VIPRE Security /

Security measures fail to keep up with rising email attacks 2024-09-13 at 07:31 By Help Net Security Organizations must reassess their email security posture as incidents continue to escalate, leading to financial losses. Key findings reveal a significant increase in email attacks, with many successfully bypassing standard security protocols and targeting vulnerable sectors. Business email

React to this headline:

Loading spinner

Security measures fail to keep up with rising email attacks Read More »

Organizations still don’t know how to handle non-human identities

Astrix Security, Cloud Security Alliance, cybersecurity, identity, News, report, survey /

Organizations still don’t know how to handle non-human identities 2024-09-13 at 07:01 By Help Net Security Organizations are grappling with their current NHI (non-human identities) security strategies, according to Cloud Security Alliance and Astrix Security. The high volume of NHIs significantly amplifies the security challenges organizations face. Each NHI can potentially access sensitive data and

React to this headline:

Loading spinner

Organizations still don’t know how to handle non-human identities Read More »

Cyber insurance set for explosive growth

cyber insurance, CyberCube, cybersecurity, News, report, survey /

Cyber insurance set for explosive growth 2024-09-13 at 06:31 By Help Net Security Cyber insurance is poised for exponential growth over the coming decade, but it remains a capital-intensive peril that requires structural innovation, according to CyberCube. The mid-range projection suggests that the US standalone cyber insurance market could reach $45 billion in premiums by

React to this headline:

Loading spinner

Cyber insurance set for explosive growth Read More »

Scroll to Top