News - Security Ticks

With DORA approaching, financial institutions must strengthen their cyber resilience

AttackIQ, Compliance, cyber resilience, cybersecurity, Don't miss, EU, Expert analysis, Expert corner, financial industry, Hot stuff, News, opinion, regulation, Risk Management / SecurityTicks

With DORA approaching, financial institutions must strengthen their cyber resilience 2024-12-16 at 07:33 By Help Net Security The clock is ticking for financial institutions across the EU as the January 17, 2025, deadline for the Digital Operational Resilience Act (DORA) approaches. This regulation will reshape how organizations in the financial sector approach cybersecurity and operational […]

React to this headline:

With DORA approaching, financial institutions must strengthen their cyber resilience Read More »

How companies can address bias and privacy challenges in AI models

Artificial Intelligence, cybersecurity, Don't miss, Features, Holistic AI, Hot stuff, News, opinion, strategy / SecurityTicks

How companies can address bias and privacy challenges in AI models 2024-12-16 at 07:03 By Mirko Zorz In this Help Net Security interview, Emre Kazim, Co-CEO of Holistic AI, discusses the need for companies to integrate responsible AI practices into their business strategies from the start. He explores how addressing issues like bias, privacy, and

React to this headline:

How companies can address bias and privacy challenges in AI models Read More »

Trapster Community: Open-source, low-interaction honeypot

Don't miss, GitHub, honeypots, News, open source, software / SecurityTicks

Trapster Community: Open-source, low-interaction honeypot 2024-12-16 at 06:33 By Mirko Zorz Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. “Our reengineered approach leverages the asyncio library, breaking away from the norm of Twisted, to

React to this headline:

Trapster Community: Open-source, low-interaction honeypot Read More »

Overlooking platform security weakens long-term cybersecurity posture

cyber risk, cybercrime, cybersecurity, data security, firmware, hardware, HP, News, report, survey / SecurityTicks

Overlooking platform security weakens long-term cybersecurity posture 2024-12-16 at 06:04 By Help Net Security Platform security – securing the hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come, according to HP. The report, based on a global study of 800+ IT and security decision-makers (ITSDMs)

React to this headline:

Overlooking platform security weakens long-term cybersecurity posture Read More »

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list

News, Week in review / SecurityTicks

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list 2024-12-15 at 20:30 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of

React to this headline:

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list Read More »

FuzzyAI: Open-source tool for automated LLM fuzzing

CyberArk, Don't miss, GitHub, News, open source, software / SecurityTicks

FuzzyAI: Open-source tool for automated LLM fuzzing 2024-12-13 at 07:36 By Help Net Security FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and harmful output generation. FuzzyAI offers organizations a systematic approach to testing AI models against various adversarial inputs,

React to this headline:

FuzzyAI: Open-source tool for automated LLM fuzzing Read More »

Tackling software vulnerabilities with smarter developer strategies

Application Security, code, cybersecurity, Don't miss, Endor Labs, Features, Hot stuff, News, opinion, software, web application security / SecurityTicks

Tackling software vulnerabilities with smarter developer strategies 2024-12-13 at 07:03 By Mirko Zorz In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can address vulnerabilities in complex systems, ways organizations can better support secure coding practices, and the role of languages

React to this headline:

Tackling software vulnerabilities with smarter developer strategies Read More »

CISOs need to consider the personal risks associated with their role

BlackFog, CISO, cybersecurity, News, report, survey / SecurityTicks

CISOs need to consider the personal risks associated with their role 2024-12-13 at 06:34 By Help Net Security 70% of cybersecurity leaders felt that stories of CISOs being held personally liable for cybersecurity incidents have negatively affected their opinion of the role, according to BlackFog. 34% believed that the trend of individuals being prosecuted following

React to this headline:

CISOs need to consider the personal risks associated with their role Read More »

New infosec products of the week: December 13, 2024

Cato Networks, Horizon3.ai, News, SecureAuth, Stamus Networks, Trellix, Versa Networks / SecurityTicks

New infosec products of the week: December 13, 2024 2024-12-13 at 06:04 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Trellix, and Versa Networks. Trellix Drive Encryption enhances security against insider attacks Trellix Drive Encryption offers enhanced security

React to this headline:

New infosec products of the week: December 13, 2024 Read More »

Cleo patches zero-day exploited by ransomware gang

Cleo, enterprise, file-sharing, Huntress, News, Ransomware, Rapid7, Sophos / SecurityTicks

Cleo patches zero-day exploited by ransomware gang 2024-12-12 at 18:34 By Zeljka Zorz Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pushed out on Wednesday, plugs the

React to this headline:

Cleo patches zero-day exploited by ransomware gang Read More »

Krispy Kreme cybersecurity incident disrupts online ordering

cyberattack, disruption, Don't miss, Hot stuff, News, Retail, USA / SecurityTicks

Krispy Kreme cybersecurity incident disrupts online ordering 2024-12-12 at 13:39 By Zeljka Zorz Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and

React to this headline:

Krispy Kreme cybersecurity incident disrupts online ordering Read More »

27 DDoS-for hire platforms seized by law enforcement

arrest, cybercriminals, DDoS, Don't miss, Europe, Europol, Hot stuff, Justice Department, News, USA / SecurityTicks

27 DDoS-for hire platforms seized by law enforcement 2024-12-12 at 12:39 By Zeljka Zorz As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed Denial-of-Service (DDoS) attacks. These “booter” (aka “stresser”) sites were used by both cybercriminals and hacktivists to

React to this headline:

27 DDoS-for hire platforms seized by law enforcement Read More »

We must adjust expectations for the CISO role

CISO, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, resilience / SecurityTicks

We must adjust expectations for the CISO role 2024-12-12 at 11:52 By Help Net Security Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a back-office function primarily focused on technical oversight, has moved squarely into the executive spotlight.

React to this headline:

We must adjust expectations for the CISO role Read More »

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation

Cynet, Don't miss, Hot stuff, News / SecurityTicks

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation 2024-12-12 at 10:07 By Help Net Security Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital

React to this headline:

Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation Read More »

Shaping effective AI governance is about balancing innovation with humanity

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, ServiceNow, strategy / SecurityTicks

Shaping effective AI governance is about balancing innovation with humanity 2024-12-12 at 07:04 By Mirko Zorz In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring responsible oversight. He emphasizes the need for collaboration between technologists, policymakers, and ethicists to create ethical

React to this headline:

Shaping effective AI governance is about balancing innovation with humanity Read More »

Keycloak: Open-source identity and access management

access management, Don't miss, GitHub, Hot stuff, identity management, News, open source, software / SecurityTicks

Keycloak: Open-source identity and access management 2024-12-12 at 06:04 By Help Net Security Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML. Single Sign-On: Users authenticate through Keycloak

React to this headline:

Keycloak: Open-source identity and access management Read More »

Microsoft enforces defenses preventing NTLM relay attacks

account protection, Active Directory, authentication, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Windows Server / SecurityTicks

Microsoft enforces defenses preventing NTLM relay attacks 2024-12-11 at 15:03 By Zeljka Zorz Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by default, Microsoft is working on shoring up defenses against NTLM relay attacks. How

React to this headline:

Microsoft enforces defenses preventing NTLM relay attacks Read More »

BadRAM: $10 hack unlocks AMD encrypted memory

Amd, chip, CVE, Don't miss, hardware, News, Raspberry Pi, research, vulnerability / SecurityTicks

BadRAM: $10 hack unlocks AMD encrypted memory 2024-12-11 at 13:16 By Mirko Zorz Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting ADM processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi

React to this headline:

BadRAM: $10 hack unlocks AMD encrypted memory Read More »

Open source malware up 200% since 2023

Don't miss, Hot stuff, Malware, News, open source, report, software, Sonatype / SecurityTicks

Open source malware up 200% since 2023 2024-12-11 at 07:32 By Help Net Security Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt

React to this headline:

Open source malware up 200% since 2023 Read More »

Why crisis simulations fail and how to fix them

crisis management, Cyberbit, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy / SecurityTicks

Why crisis simulations fail and how to fix them 2024-12-11 at 07:03 By Mirko Zorz In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for

React to this headline:

Why crisis simulations fail and how to fix them Read More »